- Domain Keys Identified Mail is an email authentication standard. It uses a public/private encrypted key approach to authenticate the domain responsible for an email.
About DKIM and DMARC
What is DKIM?
Are you signing outbound mail?
- AOL DKIM signs outbound email for several domains, including AOL.com.
Will your feedback loop include DKIM validation results?
Yes, the authentication results are in the "X-AOL-SCOLL-AUTHENTICATION:" header:
X-AOL-SCOLL-AUTHENTICATION: mail_rly_antispam_dkim-m230.1 ; domain : gmail.com DKIM : pass
X-Mailer: Unknown (No Version)
What algorithm choices does AOL support?
- We support RSA-SHA 1 and RSA-SHA 256
How will you handle messages with multiple signatures?
- AOL currently will only validate one signature. In the case of multiple signatures we will attempt to validate the originator's signature first. We are evaluating data and industry use of multiple signatures and may modify how we handle multiple signatures in the future.
What is DMARC?
DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.
DMARC standardizes how email receivers perform email authentication using the well known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at any email receiver implementing DMARC.
How Does DMARC Work?
- A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
Who Can Use DMARC?
How Does AOL use DMARC?
- AOL has implemented p=reject for mail from AOL and AOL owned domains. For more information on our implementation of DMARC, please visit http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject.
How Can I Find Out More?
For more information, please go to the official DMARC site: http://www.dmarc.org/