Google has taken a step to stop legitimate email messages sent by its Apps customers from getting caught in spam filters.
Administrators for Google Apps can now enable digital signing of those messages, which helps recipients verify that the messages came from a known, vetted sender, wrote Adam Dawes, a Google Enterprise product manager on a company blog.
[ InfoWorld's Ted Samson says Google Apps integration boost spells trouble for software vendors. | Also on InfoWorld: Microsoft says they are more enterprise-ready than Google Apps. | Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
The system uses DKIM, or DomainKeys Identified Mail, which verifies the domain name through which a message was sent by analyzing the message's cryptographic signature. If the message comes from a domain that is considered reputable, it won't be filtered out.
Some users of Google Apps have complained their email from their custom domain has been blocked even if they have set up a proper Sender Policy Framework (SPF) record. The SPF record allows a domain owner to specify which hosts are allowed to send mail for their domain.
A SPF record makes it more difficult for spammers to simply forge the "from" address in an email message since the recipient will check the SPF record and filter inconsistent ones out.
Google has used DKIM and DomainKeys, another email authentication method, for its Gmail customers for outbound email since 2004.
In 2008, Google worked with eBay and PayPal to ensure messages from those organizations were always properly signed, due to the high prevalence of phishing emails. All unsigned messages purporting to be from those organizations are blocked.
DKIM is free for Google Apps users. Administrators can turn it on by going to the control panel and then to the "advanced tools" tab, Dawes wrote.