Proposal to Add DKIM to Linode Events Notification

This is a proposal to add DomainKeys Identified Mail (DKIM) to email messages send by Linode Events Notification

Steps to reproduce:

1. If not already done, enable “Events Email Notification” at https://manager.linode.com/profile/notifications

2. Reboot any Linode server

3. You'll receive the Linode’s automated email notification within seconds. Notice that it is not sign by DKIM. This is the challenge. The original email header reads:

Received: from mail2.linode.com (mail2.linode.com [173.255.198.11]) by <masked>; Fri,
  9 Feb 2018 08:15:06 -0800 (PST)
Received: from webserver1.linode.com (<masked>) by mail2.linode.com (Postfix) with ESMTP id <masked>; Fri,
  9 Feb 2018 11:15:05 -0500 (EST)
Date: Fri, 9 Feb 2018 11:15:05 -0500 (EST)
From: Linode Alerts <[email protected]>
To: <masked>
Message-ID: <<masked>@mail2.linode.com>
Subject: Linode Events Notification - <masked>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: ColdFusion 11 Application Server</masked></masked></masked></[email protected]></masked></masked></masked>

Why add DKIM?

• For those not familiar with DKIM, watch this short 2 minutes video at https://youtu.be/4N4Hm_1I1ks

• More secure. It's much harder to spoof a email signed by DKIM.

• Easier to filter spam. Read more at https://en.wikipedia.org/wiki/DomainKey … _filtering">https://en.wikipedia.org/wiki/DomainKeysIdentifiedMail#Usewithspam_filtering

• Reduce risk of false spam, and phishing. Otherwise the email message is automatically either tag as spam or blocked. Read more at https://en.wikipedia.org/wiki/DomainKey … i-phishing">https://en.wikipedia.org/wiki/DomainKeysIdentifiedMail#Anti-phishing

• Compatibility. An increasing amount of software, and vendors requires DKIM. Read more at https://en.wikipedia.org/wiki/DomainKey … patibility">https://en.wikipedia.org/wiki/DomainKeysIdentifiedMail#Compatibility

• Protocol overhead. Read more at https://en.wikipedia.org/wiki/DomainKey … l_overhead">https://en.wikipedia.org/wiki/DomainKeysIdentifiedMail#Protocol_overhead

• Non-repudiability. Read more at https://en.wikipedia.org/wiki/DomainKey … udiability">https://en.wikipedia.org/wiki/DomainKeysIdentifiedMail#Non-repudiability

If needed I would be happy to contribute testing :)

Thanks to dubidubno for the idea about this proposal :)

2 Replies

+1 from me on DKIM, SPF and DMARC.

As a side note, I'd like to mention that my personal experience with DKIM hasn't been as good as I expected. In other words, DKIM made no difference in practice, none whatsoever.

Deliverability didn't improve, I still see a lot of problems with outlook/hotmail/microsoft. Almost all the remote servers that I've seen don't check DKIM signatures, I tested this by sending emails with broken DKIM signatures and the emails still got delivered.

From my receiving side, I see tons of spam that got through with valid DKIM signatures and valid SPF records. Looking at my stats, the number of emails blocked by DKIM are rather insignificant (not even worth a rounding error).

I think we need wider adoption, but it seems admins find it very hard to install DKIM.

I'd like to hear from others about their experience with DKIM, do you get difference results?

I configured DKIM signing on my personal Exim server. It wasn't difficult at all.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct