Missing DKIM

[nijel]

Reported by Emanuel Bronshtein:

Missing DKIM

More information about DKIM: http://www.dkim.org/ https://support.google.com/a/answer/174124?hl=en

Indication in Gmail (that email not signed by DKIM):

1. Missing field: "signed-by:"
2. no 'DKIM-Signature' header.

fix:

1. implement DKIM validation 1.1 use at least 1024 bit (2048 is better if possible) for DKIM Key (to avoid key factorization: https://www.ibm.com/blogs/commerce/2012/11/dkim-512-bit-cracked-gmail-policy-changes-and-the-implications-for-email-senders/) 1.2 rotate DKIM keys every x months (they recommended 3 months https://www.sparkpost.com/blog/the-importance-of-rotating-your-dkim-keys/)