DKIM Sign phishing and training emails with the client domain

回答済み

Gerry Morley

2020年09月29日 14:27

It would be useful for KnowBe4 to do like many other newsletter marketing companies, that is , to facilitate generating a public/private DKIM key pair where KnowBe4 signs the emails sent to the client with the client specific DKIM private key and you give the public key to the client to publish in their public DNS.

Since emails would then authenticated under  the client receiving domain, the client would be building their sending reputation under their own domain. 

This may also I think reduce the risk of the DKIM header appearing in Outlook (from address) for end users as currently happens when our client utilizes Microsoft O365 anti-spoofing technology instead of an external email filtering system.

7

• 

  Leo Nelson 2020年10月28日 23:49

  Echoing support for Gerry's suggestion. This would be a huge, huge help as we strive to ensure that there's a difference between a trusted external sender that aligns with the correct SPF/DKIM/DMARC specifications and is sending emails representative of our domain vs. an external sender that is merely just signing their emails.

  2

  コメントアクション Permalink
• 

  David Owen 2020年12月01日 22:41

  This feature is also important for us as the emails from KnowBe4 have a warning on them as we can't include it in our SPF record. SPF records have a limited size and a limited amount of DNS lookups so medium to large organizations struggle to add every system sending emails with their domain into their record. To resolve the sender authentication gap we can use DKIM signatures. 

  2

  コメントアクション Permalink
• 

  Bruce Duncan 2021年04月13日 19:59

  Hello.  Has there been any developments on this?

  1

  コメントアクション Permalink
• 

  Allyn Jacobs 2021年04月26日 14:32

  Hi there - of course add me as a +1 vote up for this feature as well.  In some ways I am kinda surprised that you all don't offer this already, given that most of the technology these days is making it hard and harder to "spoof" things without trying to exempt things leveraging the x-Phish header.  I actually wonder (haven't tested it yet) if I were to turn on rigid DKIM enforcement, would the X-Phish header allow those emails to still be delivered (account for a proper configuration) or would DKIM rules be evaluated before any spam filter whitelist rules and everything would just get blocked anyway.   (we are a GSuite domain) 

   

   

  1

  コメントアクション Permalink
• 

  Walter Nelson 2020年09月29日 19:25

  Hi Gerry,

  Thanks for posting. I went ahead and created a feature request for this on your behalf. I know this has been requested in the past and is something we would like to do.

  0

  コメントアクション Permalink
• 

  Walter Nelson 2020年10月29日 14:20

  Hi Leonard,

  Thanks for contributing to the community board. I have gone ahead and added a +1 for you on this feature request as well.

  0

  コメントアクション Permalink
• 

  Walter Nelson 2020年12月02日 21:09

  Hi David,

  Thanks for the post I have added you as a +1 to this feature as well. I know this is something we are definitely looking into so hopefully, we can implement this feature for you.

  0

  コメントアクション Permalink
• 

  Walter Nelson 2021年04月13日 20:23

  Hi Bruce,

  I don't have any insight into if this is being implemented yet but this is very much something that is being considered. We have received many requests for this and it would be great if we can get this implemented. I added you to this feature request as well.

  0

  コメントアクション Permalink
• 

  Walter Nelson 2021年04月26日 20:19

  Hi Allyn,

  Thanks for posting to our community board. I have added you as a +1 to this feature request.

  0

  コメントアクション Permalink

サインインしてコメントを残してください。