You have probably often encountered a situation where your, at first glance, harmless letters do not reach the addressee. Or they end up in the spam folder. In this article we will look at the use of a DKIM digital signature, as well as SPF records, which are widely used to confirm the legitimacy of your letter. Letter legitimacy (from the Latin legitimus - legal, legitimate) - the degree of evaluation of the letter by the recipient's mail server. The recipient's mail server can identify the letter as legitimate or illegitimate (suspicious). Legitimate emails reach the recipient's inbox without any problems. Illegitimate letters, in turn, do not reach the recipient at all or end up in the recipient’s so-called Spam (Junk) folder. Even though your letter subjectively looks legitimate, the recipient's mail server, in accordance with its mail filtering policy, has its own opinion on this matter. What is DKIM DKIM(short for DomainKeys Identified Mail) is one of the E-mail authentication methods. This technology is used for anti-phishing and anti-spam in order to improve the quality of classification and identification of legitimate email. Traditionally, the sender of a message is identified using his IP address. When using DKIM, a digital signature is added to the message associated with the sender's domain name. After sending such a letter, the digital signature is checked on the recipient’s side, after which “white lists” and “black lists” are used to determine the sender’s reputation. DomainKeys technology uses domain names to authenticate senders. DomainKeys uses the existing Domain Name System (DNS) to transmit public encryption keys. Using DKIM for an email domain In order to enable the use of digital signature DKIM, go to the ISP Manager panel, in the “E-mail” - “Mail Domains” section, select the required domain by double-clicking on it. In the window that opens, check the box next to "EnableDKIM". That's it! Now the letters you send will be signed using DKIM technology. What is SPF? Sender Policy Framework is an extension to the SMTP email sending protocol that allows the receiving server to check whether the sender's domain has been spoofed. SPF allows the domain owner to specify in the TXT record corresponding to the domain name a specially generated string indicating the list of servers that have the right to send email messages with return addresses in this domain. SPF is enabled by default for all email domains of our hosting. An example of what an SPF record looks like on our hosting:

Summarizing the above, I would like to remind you of the rule that exists on our hosting: the frequency of sending letters should not exceed the limit of 10 letters per minute. How to generate a DKIM digital signature yourself? There are many services for generating DKIM signatures. Let's consider one of these services http://www.port25.com/support/domainkeysdkim-wizard/. Our task is the following: - Obtaining a pair of private and public keys; - Entering into DNS domain information the necessary records about the availability of DKIM support. Enter the domain name as well as the "selector" name for your mail server. The "selector" can have any name, for example, mail or key1. If you have several servers for sending mail, then there may be several “selectors” for your domain. We successfully completed the first task: we received the public and private key: Next, using the service prompts, you need to enter TXT records into the DNS of your domain name. In our example, you need to add TXT records: mail._domainkey.example-site.com and _domainkey.example.com. Both entries will look like this: _domainkey.example-site.com. TXT "t=s; o=~;" mail._domainkey.example.com. TXT "k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ" At the final stage, you need to save the private key to a file that will be readable by the mail sending server. To configure DKIM support on your mail server, use the user manual of the installed software. Now, to check if everything is configured correctly, send an email to Gmail. The headers of the sent email should contain the following lines: Authentication-Results: mx.google.com; spf=pass (google.com: domain of example@example-site.com designsates 123.123.123.123 as permitted sender) smtp.mail=example@example-site.com; dkim=pass header.i=@example-site.com That's all. In addition to the suggested methods, do not forget about common sense. With this approach, you will have a better chance of passing the legitimacy check ;-)