4

If I receive an email from A.com without DKIM-Signature in the header, how could I know if A.com is using DKIM?

I am trying to figure out if a domain is using DKIM, but if I didn't or can't receive an email from A.com, how could I konw if A.com is using DKIM?

Hang Hu
  • 53
  • 1
  • 3

2 Answers2

4

With DKIM alone, there is no way to be sure. DKIM is designed for validating that email content is trustworthy i.e. hasn't changed during delivery. The key used for signing is verified against public DKIM key in DNS, but the same domain can have several keys for different purposes and the selector can be anything, e.g. mta1._domainkey or whatever._domainkey and is only introduced in the flag s=selectorname of DKIM-Signature header.

If the sender has also implemented DMARC, it is a clear indication that there should be both DKIM and SPF. Therefore:

  • If a domain has _dmarc.example.com. TXT "v=DMARC1; p=... there should be DKIM. The DMARC record also tells what to do with messages not passing the test.
  • If there is no _dmarc TXT, they may or may not have DKIM.
Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
  • 1
    RFC 7489 says that Identifier Alignment occurs when "SPF or DKIM (or both)" are valid. So it's possible for a sender to use DMARC without DKIM, although in practice that seems very rare. – mndrix Nov 26 '18 at 17:47
0

Send an e-mail to Gmail address... Check source headers? also if it went to spam DKIM is probably not configured correctly.

Also https://www.mail-tester.com/ Is a great tool for configuration of DomainKeys, DKIM, DMARC & SPF.

Max Coates
  • 84
  • 4