Update Nov 2012:
Due to the recently released vulnerability related to the use of weak cryptographic DKIM keys, I wrote a tool to check DKIM records and determine their public key length: DKIM Key Checker
DKIM For The Masses
Google announced today they have added the ability for Google Apps customers to sign outbound email using the DKIM (DomainKeys Identified Mail) standard.
You can set it up for your own Google Apps domain (if you are the domain admin) using these instructions.
It’s a simple process but the trickiest part can be creating the DNS TXT record (which contains your DKIM public key), depending on how you manage your DNS. If you are serving DNS directly via your registrar, Google has some specific instructions for popular domain hosts.
Checking your work
Here’s a quick tip how you can check to make sure you created the record properly and it is being served…
From a shell/console (using your own domain name, of course):
dig google._domainkey.protodave.com TXT
This should return the DNS TXT record you created. In my case the response is:
;; QUESTION SECTION: ;google._domainkey.protodave.com. IN TXT ;; ANSWER SECTION: google._domainkey.protodave.com. 3599 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGfiExKCF1qk/JMaESySByrwx2VjPYDZThQa8432pSTf9mj+AtFiY6wo9A4CMMDLfUBzbDhXFzw3s/qci/tTut+sqv+MSAHhCBJV72Kai64j6TjxUUnfW1RkEYvDhXL+9Wy9OODx2DBZeTpPd6N2Rm4ks3b5wvg73s7RCKjTA7XQIDAQAB"
Get a Shell
If you don’t have access to a shell and ‘dig’, there are some web based lookup tools available too.
DKIM Core Key Check
Use “google” as the “Selector” and your domain name for “Domain name”
