• Contact Us
  • Pricing
  • Search
  • Register
  • Login
  • DNS Tools
    • MX Records
    • A Records
    • CNAME Record
    • PTR Record
    • SPF/TXT Records
    • NS Records
  • Domain Tools
    • ARIN Records
    • WHOIS Records
  • Blacklists
    • Blacklist Checker
    • Whitelist Checker
    • Email Blacklist Removal Tool
  • Email Tools
  • Port Scans
  • Other Tools
    • IP Tools
      • IP Address Converter
      • IP Address Locator
      • IP Range To CIDR
    • Chrome Extension - Email Deliverability Checker
    • 3D Trace Route
  • Blog
    • First Time Sender
      • Email Certification
      • Email Throttling
      • IP Warming
    • Formatting Emails
      • For Browsers
      • For Devices
      • For Email Clients
    • How To Avoid
    • How To Set Up
    • Mail Tester Guide
      • Email Headers Explained
      • MX Records, PTR Records, and Reverse PTR Records AKA rDNS
      • RFC Syntax Checking
      • Email Port Checks
      • SPF Record and Alignment
      • DKIM Signatures and Alignment
      • DMARC Validation
      • Mail Tester Test Tool
    • Measuring Peformance
      • Bounces
      • Clickthrough Rates
      • Open Rates
    • Related Resources
      • Abuse Contacts
      • Common Ports
      • DMARC and the Contact Us Form
      • Email Identifier
      • Email Headers
      • Email Statistics
      • How Email Works
      • How to Treat Spammers
      • Securing Your Server
    • Rules to Follow
      • Can Spam Act
      • Postmaster Guidelines
  • Member Services
    • Members Area
    • Community Forums
    • Blacklist Monitoring
    • Bulk Email Validation Tool
    • Complete Monitoring Solution
    • Domain Name Monitoring
    • Feedback Loop Submissions
    • Full Port Scan Monitoring
    • Mail Tester Pro Tool
    • Mail Miner
    • Spam Detector Toolbox
    • Trusted Sender Site Seal

How To Set Up Your Author Domain Signing Practices (HISTORIC)


Published Standard: RFC 5617 (HISTORIC)

What is ADSP?


Author Domain Signing practices (ADSP), was developed to help prevent the exploit of a legitimate email author's name recognition in the From field.

Malicous senders try to repersent themselves as authors for who they are not authorized to send mail, often in attemp to defraud either the recipient or alleged author.

ADSP is an extension of DKIM, some people will say it's an optional extension, because if your ADSP record is undefined, it's treated the same as if it was defined with an "unkown" policy.

There are currently is a total of three different outbound signing practices that can be set:
  • all - All mail from the domain is signed with an Author Domain Signature.
  • discardable - All mail from the domain is signed with an Author Domain Signature. Furthermore, if a message arrives without a valid Author Domain Signature due to modification in transit, submission via a path without access to a signing key, or any other reason, the domain encourages the recipient(s) to discard it.
  • unknown - The domain might sign some or all email.
Any other value than "all" or "discardable" is treated as "unknown". In other words "dkim=unknown" and "dkim=AnythingButAllorDiscardable" would be treated the same way.

If you use the term "all" or "discardable" that means all the email that you send in the from field with "user@domain.com" originates from your mail servers. If you use a third party provider to send mail on your behalf. Then you will set the ADSP dkim policy to "unknown".

The main difference between "all" and "discardable" is that "all" should to be treated suspiciously (given a higher spam score) by the recieving MTA Email Server, if the email is not signed by the users domain. "discardable" tells the receiving MTA Email Server to discard the message completely, if it's not signed by the users domain.

How do I set up my ADSP Policy (_adsp._domainkey) ?


First, you need to set up your DKIM: How to set up your DKIM Signature.

Next, you'll need to publish a DNS TXT resouce record type for your domain in this format.

_adsp._domainkey.<sub>.domain.example, if your domain email has sub domain emails you will simply replace the <sub>.

For example "user@blogs.domain.com" would have a key that looks like this:

_adsp._domainkey.blogs.domain.com

But, most commonly, most domain owners have emails like "users@domain.com" and that will look like this.

_adsp._domainkey.domain.com

The for the value of the record you will set either "dkim=all","dkim=discardable", or "dkim=unknown", based on the policy you wish to enforce.

You can generate your ADSP record by using our wizard: ADSP Wizard

Here's an example of our what our ASDP record looks like, which you can see by clicking here: Our ADSP Record or viewing the image below.

ADSP Record


Once you have your ADSP set up in DNS, you can send an email to "mailtest@unlocktheinbox.com" and it will auto-respond letting you know if it detected your ADSP policy in DNS.

Source: Unlock The Inbox
Copyright © 2017 Unlock The Inbox