You can help prevent spoofing by adding a digital signature to outgoing message headers using the DKIM standard. This involves using a private domain key to sign your domain's outgoing mail headers, and adding the public half of the key to the domain's DNS records. Recipient servers can then retrieve the public key to verify the signature on incoming headers and confirm that the message really comes from your domain and hasn't been changed along the way.
Google Apps' digital signature conforms to the DomainKeys Identified Mail (DKIM) standard.
Email authentication
- If a message was correctly DKIM signed, a 'signed-by' header with the sending domain will appear.
- If a message was SPF authenticated, a 'mailed-by' header with the domain name will appear.
- If no authentication information exists, there will be no signed-by or mailed-by headers.
If you're a sending domain
Tools
Dave Johnson (twitter://@protodave) lets you check your key length. Your DKIM key should be at least 1024 bits.
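The key-length check can also be done offline from the DKIM TXT record itself. The following is an added example, not code from the original page or from any tool it mentions: it reads the RSA modulus size out of the record's p= tag. All function names are this example's own, and the sample records are built around constructed integers that are not usable keys.

```python
import base64

MIN_BITS = 1024  # minimum key length stated on this page
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL

def _read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def dkim_rsa_bits(txt):
    """RSA modulus size in bits from a DKIM TXT value; 0 if p= is empty (revoked) or absent."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # strip folding whitespace
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key")
    if not tags.get("p"):
        return 0
    der = base64.b64decode(tags["p"], validate=True)
    _, spki, _ = _read_tlv(der, 0)            # SubjectPublicKeyInfo SEQUENCE
    _, _, alg_end = _read_tlv(der, spki)      # AlgorithmIdentifier, skipped
    tag, bits, _ = _read_tlv(der, alg_end)    # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa, _ = _read_tlv(der, bits + 1)      # +1 skips the unused-bits octet
    _, n_start, n_end = _read_tlv(der, rsa)   # first INTEGER is the modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def _tlv(tag, value):  # DER-encode one element (used only to build samples)
    n, size = len(value), (len(value).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")) + value

def constructed_record(modulus):
    """Build a sample TXT value around an arbitrary integer (constructed; not a usable key)."""
    ints = b"".join(_tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in (modulus, 65537))
    spki = _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + _tlv(0x30, ints)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for n in ((1 << 511) | 1, (1 << 1023) | 1):
        bits = dkim_rsa_bits(constructed_record(n))
        print(bits, "bits:", "ok" if bits >= MIN_BITS else "below minimum")
```

To check a live domain, pass in the TXT value published at its selector record with the quoted DNS string chunks joined together.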