DKIM

Search knowledge

Browse topics written especially to help answer common question.

Table of Contents

You can run a free email test at MailGenius.com to validate your DKIM record before sending out your next email campaign.

What is DKIM?

DKIM (Domain Keys Identified Mail) is one of the most complicated fundamental components of email authentication that helps protect email senders and recipients from spam, spoofing, and phishing.

It allows a company to vouch for their email’s authenticity in a way that can be validated by the recipient’s mail servers. DKIM uses “public key cryptography” to verify that an email was sent from an authorized mail server on behalf of a domain.

How does DKIM work?

Simply put, DKIM works by adding an encrypted digital signature to the header of an email.

After the email is sent, the receiver’s mail filters decrypt the DKIM signature and determine if it matches the original TXT record in the sender’s DNS settings. They’re validating that parts of that email (i.e. message body and attachments) haven’t been compromised during transit.

Why is DKIM important?

If you are a business that sends commercial or transactional emails, it’s critical to use both SPF and DKIM. Not only will these protocols protect your business from phishing and spoofing attacks, but SPF and DKIM ultimately help protect your customer relationships and brand reputation. However, these are only just a few of the many steps you can take to ensure business-critical emails reach your customers’ inboxes on time and don’t end up in spam folders.

Note: The problem with DKIM is that because it’s more difficult to implement, fewer senders have adopted it. This inconsistent adoption means that the absence of a DKIM signature does not necessarily indicate the email is fraudulent.

How does DKIM affect email deliverability?

Adding a DKIM signature to your email’s header adds another layer of authenticity to your campaigns. DKIM, along with SPF and DMARC make up the dream team trio of email authentication and security. Together, they work in synergy to prevent email spoofing and make your emails more trustworthy.

How to set up DKIM

Setting up DKIM is also a fairly easy task and can be done in a few simple steps depending on your mail server. Be sure to ask your service provider prior.

  1. Take note of all the domains in your organization used to send emails
  2. Install the DKIM package that is specific for your mail server
  3. Create a public and private key pair
  4. Create a DKIM TXT record to publish the DKIM selector and your public key
  5. Save your private key accordingly to your DKIM package
  6. Configure your mail server to make sure that DKIM is up and running
  7. Run a free MailGenius test to check!

You can also learn how to create your own DKIM record here with ReturnPath.

How to validate your DKIM record

You can also test DKIM by sending an email to a Gmail account.

  1. Open the email in the Gmail web app
  2. Click on the down arrow next to the “reply” button (top right of email)
  3. Select “show original”. In the original, if you see “signed-by: [your domain name]” then your DKIM signature is good!

What does the MailGenius email test tool cover with regards to DKIM?

  • no_dkim_record – DKIM DNS Record existence
  • dkim_not_verified – DKIM Verification
  • generic_dkim – DKIM Signature from Author’s / From Envelope domain

Caveats, things to watch out for:

The elements included in the DKIM signing process must remain unchanged in transit: If an email is forwarded from Yahoo to Gmail, Yahoo may add a line of text at the top of the email (e.g. “forwarded by Yahoo mail”). At that point, the body of the email has been changed and, if the body was included in the DKIM signing process, the DKIM authentication will fail for the forwarded email.

MailGenius Tips and Tricks

The security community recommends regularly changing the encrypted tokens of your DKIM records to enhance the security of your authentication configuration. The typical schedule for rotation is at least once every 12 months.

There are multiple ways to perform rotation, but the two most common are:

Additional Resources

  1. Understanding SPF and DKIM to Improve Email Deliverability- Spark Post
  2. What Is DKIM?- SparkPost
  3. How to Explain DKIM in Plain English- Return Path
  4. DKIM: Everything You Need to Know About Digital Signatures- EmailonAcid
  5. DKIM: What is it and should you configure it?- SecurityTrails
  6. Get Your Questions Answered by Real Email Experts – LearnEmail.com