Beginning February 2024, Gmail and Yahoo will require DKIM and a published Domain-based Message Authentication, Reporting & Conformance (DMARC) for anyone sending more than 5,000 emails to Gmail or Yahoo addresses in a 24-hour period.
To prevent your emails from bouncing, we strongly recommend configuring your domain with a DKIM record for OpenCRM and a basic DMARC record.
What is DKIM
DKIM stands for DomainKeys Identified Mail and is used for the authentication of an email that’s being sent. It is a stronger version of SPF which requires a little additional setup.
OpenCRM needs to be able to prove that it is allowed to send an email on your behalf by signing your emails with a key which matches one setup on your domain. (The difference with SPF is that you just tell your domain that OpenCRM's server is allowed to send on your behalf).
Additionally DKIM allows the receiving server to prove that the email has not been changed between it leaving OpenCRM and arriving at it's recipient's mailbox.
Some config is needed to setup the DKIM keys in OpenCRM and the matching key in your domain.
This is achieved using a public and private key pair, the public key is added to your DNS so mail servers and clients can confirm the email hasn't changed, and the private key is stored encrypted in your OpenCRM system
The private key is used to generate the signature based on the content of the email, the public key is used to verify it but can't be used to sign it
As the private key can only be held on systems authorised to send emails this also verifies that the email came from a trusted source
An additional level of security called DMARC allows you to specify on your domain that ALL emails sent from your domain must be DKIM signed. If you have this setup or don't but would like to, then it is important that you setup OpenCRM with DKIM.
- Configuring your domain for OpenCRM (Emails).
- DKIM for OpenCRM
- SPF for OpenCRM