1024-Bit DKIM Email Signature Improves Email Security
August, 2013
Blackbaud recently changed how we add DKIM, or DomainKeys Identified Mail, signatures to emails sent from Luminate Online. Given that the DKIM keys in use were not long enough to be trustworthy, Gmail and other email services are no longer accepting emails with DKIM signatures that use keys shorter than 1024-bits. With this change, email deliverability will improve for those email services that are only accepting 1024-bit DKIM keys.
What is DKIM?
DKIM is a method of verifying an email’s authenticity and to verify that it was
not tampered with in transit. This process helps email administrators to combat
spam.
How does DKIM work?
Blackbaud adds a DKIM-signature header to all email messages that originate from
Luminate Online. A DKIM-signature header is a digital signature of the contents
of the email message. Receiving mail systems use the name specified in the
DKIM-signature header to perform a DNS lookup. That DNS lookup will return the
DKIM public key Blackbaud used to add the DKIM-signature header. Receiving mail
systems retrieve the key, decrypt the header field and compare it to the email
they received. If the two values match, this cryptographically proves that the
mail was sent by the entity specified in the DKIM-signature header, and has not
been tampered with in transit.
What does my organization need to do to send with 1024-bit DKIM signatures?
Nothing. In the interest of security, delete any DKIM public keys published with
less than 1024-bits. This includes the convio1 key that many clients have
published.
What DNS record needs to be removed?
DKIM public keys are published with DNS TXT records with names like
convio1._domainkey.mydomain where mydomain is the domain name in question.
If you previously published the old convio1 DKIM public key with this DNS record, please delete the DNS record
Note: Removing DNS records varies by DNS server and/or service used.
What types of Blackbaud email does this affect?
All email sent from Luminate Online.
Privacy Policy | Safe Harbor Notice | Terms of Use | Acceptable Use Policy | © 2012 Blackbaud, Inc. All Rights Reserved