Marketing automation software and service

Automate your contact gathering, segmenting, their data enriching, sending right content at right timingg. Mailbow empowers organizations to communicate with their customers using source data and to send responsive beautiful emails via marketing automation.

Try for free

Update your DKIM keys (07.11.2012)

DKIM key

If you have 512 bits DKIM keys or lower, you should change it, because of new changes.

To fix it its’ quite easy, companies simply need to generate new DKIM keys at  the stronger length and place it in their DNS records and at the same time they have to revoke their old key.

To determine if your emails are failing DKIM due to a weak key, or if you need to upgrade from a 768 -bit key, do the following:

How to check it?

Send a test email to Gmail. Check the headers for the following line: Authentication-Results:mx.google.com; spf=pass (google.com: domain of xxx@xxxxx.xxx designates xxx.xxx.xxx.xxx as permitted sender) smtp.mail= xxx@xxxxx.xxx; dkim=pass header.i=xxxxxx.xxx

If it says dkim=pass, you are good, but if it says dkim=fail, you should upgrade your key immediately.

 

Why did this happen?

A mathematician Zach Harris (35) recently cracked Gmail’s DKIM key and wrote to the founders of Google Sergey Brin and Larry page by impersonating them. After this he discovered the weak points at yahoo.com, paypal.com, ebay.com, twitter.com, amazon.com, apple.com and other numerous major internet domains.

Because of the act of Harris, Gmail and other major players in email industry started to create new DKIM keys stronger than 512-bits. The first act after finding out this security risk, they started failing anything signed with 512-bit key or less.

According to Return Path, this can affect your emails in the following ways: businesses that have a published list-unsubscribe header and also a 512-bit key or less DKIM key may mean your subscribers may not have the option to opt-out and this might mean more complaints. Nobody’s emails will be blocked for failing DKIM, but there is a risk if you have published DMARC policy.