Domain Keys Identified Mail and DomainKeys: Third in 3-Part Series on E-Mail Authentication - Page 4

Testing your authentication deployment

Now that you've got your sender authentication all set up, you will need to test it to make sure it's doing what you intend. A great way to do this is to use a testing tool called a reflector. To use a reflector, you send your authenticated message to the specified reflector e-mail address, and it will "reflect" back to you a message that tells you the state of your authentication (usually Pass, Fail or Neutral if there is no authentication information present).

There are a number of reflectors out there. You can see a list of some that support DKIM here. Sendmail's reflector is particularly useful because it returns results for all four types of authentication in the same reflector response message with just the basic status. The Port 25 reflector gives results for all four authentication types, and also includes details on the DNS records it finds in its verification. But it reflects to the Return-Path address so you may not be able to access the results unless you have help from your e-mail administrators.

Remember, it's all about reputation

It's important to remember that a valid authentication does not necessarily mean that the sender is legitimate or that the e-mail is permission based; many spammers use e-mail authentication too. Similar to the way that your driving record influences your insurance rates, most systems that do inbound authentication checking incorporate some kind of reputation checking mechanism before deciding how to process the message.

The authenticated domain's past sending behavior (good, neutral or poor reputation) will be what really determines how an authenticated message is treated. Authentication adds the assurance that the collected reputation really belongs to the authenticated domain, so that reputation can neither be hijacked nor corrupted by a spammer that forges or spoofs the domain name.

Editor's Note: In Part 1 of her three-part series on e-mail authentication, Knowledge Center contributor Ellen Siegel shared a comprehensive, high-level overview of e-mail authentication. In Part 2, Ellen delved into the functionality and implementation details of Sender Policy Framework (SPF) and Sender ID authentication. Here, in Part 3, Ellen delved into the functionality and technical details of Domain Keys Identified Mail (DKIM).

/images/stories/heads/knowledge_center/siegel_ellen70x70.jpg Ellen Siegel is Director of Technology and Standards at Constant Contact. With more than 20 years of experience in online communication technologies, Ellen works to define and drive the adoption of industry best practices and standards to help fight spam, support legitimate e-mail, and enable Constant Contact to serve the growing needs of small businesses and organizations.

Ellen is a board member and technical committee co-chair for the E-mail Sender and Provider Coalition (ESPC) and an active member of the Messaging Anti-Abuse Working Group (MAAWG). She can be reached at