Mailout DKIM policy evolution

For a long time, Mailout mailings have had a reliable and secure DKIM policy, provided that the sending domain has followed the configuration recommended by our services.

Today, Altospam is upgrading this policy, for three main reasons:

1. Firstly, we are modifying the selector. A DKIM policy is defined by a domain and a selector. The selector, a simple character string, determines the address of the DKIM record, and must be unique for a given domain. Historically, we had chosen to use the “mail” selector, which was perfectly consistent with our business. Unfortunately, we realized that it wasn’t specific enough. Other services used by our customers also use this selector, which could have caused implementation difficulties. The new selector we’ve chosen is very specific, and there’s little chance of it being present in any other service.
2. Secondly, the recommended configuration now calls for the use of a CNAME record pointing to an “altospam.com” domain record, rather than a simple TXT record. This will enable us to evolve this signature, without having to request any modification on the client side. This means we can react quickly to any need to update the signature, without delay.
3. Thirdly, we have renewed and increased the security of the public key from 1024 to 2048 bits, which corresponds to the value recommended in DKIM best practices.

Mailout customers can directly find the configuration elements for this DKIM modification in their customer interface, Mailout / SPF/DKIM/DMARC section, DKIM tab. The new record is available there and can be copied directly to your DNS manager.

Once the new record is in place on the DNS side, the interface will tell you that the signature has been recognized and can be set up on the mailout side.