Published Standard: RFC 5617 (HISTORIC)
What is ADSP?
Author Domain Signing practices (ADSP), was developed to help prevent the exploit of a legitimate email author's name recognition in the From
Malicous senders try to repersent themselves
as authors for who they are not authorized to send mail, often in attemp to defraud either the recipient or alleged author.
is an extension of DKIM, some people will say it's an optional extension, because if your ADSP record
is undefined, it's treated the
same as if it was defined with an "unkown"
There are currently is a total of three different outbound signing practices that can be set:
- all - All mail from the domain is signed with an Author Domain Signature.
- discardable - All mail from the domain is signed with an Author Domain Signature. Furthermore, if a message arrives without a valid Author Domain Signature due to modification in transit,
submission via a path without access to a signing key, or any other reason, the domain encourages the recipient(s) to discard it.
- unknown - The domain might sign some or all email.
Any other value than "all"
is treated as "unknown"
. In other words "dkim=unknown"
would be treated the same way.
If you use the term "all"
that means all the email that you send in the from field with "email@example.com" originates from your mail servers.
If you use a third party provider to send mail on your behalf. Then you will set the ADSP dkim policy to "unknown"
The main difference between "all"
is that "all"
should to be treated suspiciously (given a higher spam score) by the recieving MTA Email Server, if the email is not signed by the
users domain. "discardable"
tells the receiving MTA Email Server to discard the message completely, if it's not signed by the users domain.
How do I set up my ADSP Policy (_adsp._domainkey) ?
First, you need to set up your DKIM: How to set up your DKIM Signature
Next, you'll need to publish a DNS TXT resouce record type for your domain in this format.
.<sub>.domain.example, if your domain email has sub domain emails you will simply replace the <sub>.
For example "firstname.lastname@example.org"
would have a key that looks like this:
But, most commonly, most domain owners have emails like "email@example.com"
and that will look like this.
The for the value of the record you will set either "dkim=all"
, or "dkim=unknown"
, based on the policy you wish to enforce.
You can generate your ADSP record by using our wizard: ADSP Wizard
Here's an example of our what our ASDP record looks like, which you can see by clicking here: Our ADSP Record
or viewing the image below.
Once you have your ADSP
set up in DNS, you can send an email to "firstname.lastname@example.org"
and it will auto-respond letting you know if it detected your ADSP policy in DNS.