About DKIM and DMARC

What is DKIM?

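  • DomainKeys Identified Mail (DKIM) is an email authentication standard. It uses a public/private key pair to authenticate the domain responsible for an email: the sending domain signs the message with its private key, and receivers verify that signature with the public key the domain publishes in DNS.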

Are you signing outbound mail?

  • AOL DKIM signs outbound email for several domains, including AOL.com.

Will your feedback loop include DKIM validation results?

  • Yes, the authentication results are in the "X-AOL-SCOLL-AUTHENTICATION:" header:


    X-AOL-SCOLL-AUTHENTICATION: mail_rly_antispam_dkim-m230.1 ; domain : gmail.com DKIM : pass

    X-Mailer: Unknown (No Version)

What algorithm choices does AOL support?

  • We support RSA-SHA1 and RSA-SHA256.

How will you handle messages with multiple signatures?

  • AOL currently will only validate one signature. In the case of multiple signatures we will attempt to validate the originator's signature first. We are evaluating data and industry use of multiple signatures and may modify how we handle multiple signatures in the future.

What is DMARC?

  • DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.

  • DMARC standardizes how email receivers perform email authentication using the well known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at any email receiver implementing DMARC.

How Does DMARC Work?

  • A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
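The receiver-side decision described above, as an added example (not AOL's code). It goes one step beyond the text by including the identifier alignment check from RFC 7489: an SPF or DKIM "pass" only counts if the authenticated domain matches the From: domain. The domains and records are constructed, the organizational-domain helper is a simplification, and the sp= and pct= tags are ignored.

```python
# Added example: simplified DMARC evaluation per RFC 7489. Not AOL's implementation.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a valid policy."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    # The v= tag must come first and must be exactly "DMARC1".
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    tags = dict(tags)
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    tags["p"] = tags["p"].lower()
    return tags

def org_domain(domain):
    # ASSUMPTION: the organizational domain is the last two labels.
    # Real receivers derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), anything else = relaxed (same org domain)."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) tuples.
    Returns 'pass', 'no-policy', or the policy to apply: none/quarantine/reject."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; rua=mailto:reports@example.com"  # constructed
    # Both checks pass, but for a different domain than the From: header.
    print(evaluate(record, "example.com",
                   ("pass", "bounce.example.net"), ("pass", "example.net")))
    # A DKIM signature from a subdomain aligns in relaxed mode.
    print(evaluate(record, "example.com",
                   ("fail", "bounce.example.net"), ("pass", "mail.example.com")))
```

The first case shows why a bare "DKIM : pass" in an authentication result is not enough on its own: the signing domain also has to align with the From: domain before DMARC passes.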

Who Can Use DMARC?

  • DMARC policies are published in the public Domain Name System (DNS), and available to everyone. The IETF has accepted the DMARC specification as an Independent Submission and it is published as RFC 7489. In addition, the IETF has a DMARC Working Group tasked with improving the specification.

How Does AOL use DMARC?

  • AOL has implemented p=reject for mail from AOL and AOL owned domains.

How Can I Find Out More?

For more information, please go to the official DMARC site: http://www.dmarc.org/