Orbisius DKIM

Orbisius DKIM improves email deliverability by adding DKIM signature to outgoing emails that WordPress sends out.

Benefits of Using Orbisius DKIM

• Improve Email Deliverability: DKIM (DomainKeys Identified Mail) ensures your emails are trusted, making them less likely to end up in spam or junk folders.
• Increase Engagement: Authenticated emails have higher open rates and engagement since email providers trust and validate your domain.
• No Third-Party Services Required: You don't need an external email provider—Orbisius DKIM works directly with your WordPress site to sign emails.
• Easy Setup: Automatically generates DKIM keys. You need to configure the DNS records without the need for advanced technical knowledge.
• Brand Consistency: Customize the From name, email, and Reply-To fields for outgoing emails, ensuring your branding remains consistent.

Key Features

• Automatic DKIM Key Generation: Automatically generates a public-private key pair to sign your emails, ensuring they’re trusted by receiving mail servers.
• Override "From" Name and Email: Easily change the "From" name and email address for outgoing emails to match your branding.
• Customizable Reply-To: Set the Reply-To email address to manage email responses more effectively.
• DNS Configuration Guidance: The plugin provides clear, step-by-step instructions for adding the necessary DNS TXT records to your domain.
• Check Existing DKIM Records: Verify your current DKIM DNS setup directly within the plugin to ensure it’s correctly configured.
• Works with Any Hosting Provider: No need for third-party email services; works with any WordPress hosting environment that sends emails directly from the server.

How Orbisius DKIM Works

1. Install and Activate: Install the Orbisius DKIM plugin in your WordPress dashboard and activate it.
2. Generate Keys: The plugin automatically generates the DKIM key pair needed to sign your emails.
3. Set Up DNS Records: The plugin provides clear instructions for adding the required DNS TXT records to your domain.
4. Customize Email Fields: Override the "From" name, email address, and Reply-To fields to ensure your emails are aligned with your brand.
5. Emails Are Signed: Once everything is set up, all your outgoing WordPress emails will be signed with DKIM, ensuring they're trusted by email providers.

DNS Terms You Need to Know

To set up DKIM, you’ll need to configure DNS records for your domain. Here are the key terms:

• DKIM Selector: A unique identifier used to find your DKIM public key in DNS, ensuring the email is correctly signed.
• TXT Record: A DNS record type that holds DKIM information, including the public key used to verify your email signatures.
• Domain: The domain that will sign your emails (e.g., yourdomain.com).
• Public Key: Part of the DKIM record added as a TXT record to your DNS.
• Private Key: The secret key used to sign outgoing emails. This is securely stored on your server.

SPF/DKIM/DMARC FAQ

Are SPF Records Strictly for Email?

SPF (Sender Policy Framework) records are indeed designed for email authentication, but there’s some important nuance to understand. They don’t validate the domain itself; rather, they specify which mail servers are authorized to send emails on behalf of a domain. This helps prevent email spoofing, but it’s just one piece of the puzzle in email security.

Breaking Down SPF’s Purpose and Limitations

1. SPF Records Don’t Prove Legitimacy
   A domain owner can add an SPF record, but that doesn’t mean the domain is trustworthy. Spammers and bad actors can create SPF records just as easily as legitimate senders. SPF only ensures that the email originated from an approved mail server—it does not verify the sender’s reputation or intent.
2. SPF Doesn’t Validate the Domain Itself
   SPF only checks whether a mail server is authorized to send emails on behalf of a domain. It does not provide any authentication of the domain itself. That’s why SPF is usually combined with DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance) for more comprehensive email security.
3. SPF Has Been Deprecated as a Separate DNS Record Type
   While SPF records were once their own DNS record type, they have since been deprecated in favor of storing SPF rules within a TXT record. Some DNS providers, such as Cloudflare, no longer support the dedicated SPF record type.
4. How SPF Works in Practice
   When an email is received, the recipient’s mail server compares the sender’s IP address to the list of authorized mail servers in the SPF record. If the IP doesn’t match, the email is likely forged and can be rejected, marked as spam, or subjected to additional scrutiny.
5. SPF Alone is Not Enough
   While SPF helps prevent spoofing, it doesn’t stop phishing attacks entirely. Since it doesn’t validate the sender’s legitimacy, it should be used alongside DKIM and DMARC for stronger security.

Common Misconceptions About SPF

• “SPF prevents all email spoofing” → Not entirely. It prevents spoofing when a fraudulent sender tries to impersonate an email address from your domain, but it does nothing to stop attackers from spoofing your domain name in the "From" field if your SPF policy is not enforced with DMARC.
• “SPF validates the domain” → No, SPF only checks the sending mail server, not the domain’s integrity or reputation.
• “SPF is a standalone solution” → SPF should be combined with DKIM and DMARC for complete protection.

SPF is a useful tool, but it’s not a silver bullet for email security. If you're setting up email authentication, make sure to implement SPF, DKIM, and DMARC together for the best protection against spoofing and phishing. Also, ensure your SPF record stays up to date to avoid email delivery issues.