Welcome back to our series on email authentication. If you haven’t already done so, please check out:
This will help you understand the terminology. It will also explain the different types of email authentication you can use, and why you need to do so.
Now, without further ado, let’s look into the second authentication method: DKIM.
1. What is DKIM?⚡
Back in the day, important letters were closed with a wax stamp. If the seal of a letter was broken, you’d know it had been tampered with, or opened.
DKIM (DomainKeys Identified Mail) is the modern version of the wax seal: it is a stamp of authenticity.
It lets the recipient server verify that your message was legitimate when it left your outbox, and that it is still the same message when it lands in their inbox.
2. How does it work?⚡
Every dispatching email server has a two-part DKIM key:
- Private Key
- Public Key
The receiving server only accesses the public half, which is published in DNS. The private half is stored, securely, on an automated system, and is used to sign each outgoing email.
When an email arrives, the receiving server reads the DKIM signature on the message and looks up the sender's public key in the Domain Name System (DNS). If the signature on the email checks out against the key published in DNS, the server is happy. If not, the email will bounce, or head to spam.
3. How do I set up a DKIM record?⚡
- Login to your Email Service Provider (ESP) account. This might be a site like Klaviyo or MailChimp, for example, or it might be Outlook or Google Workspace
- Go to ‘Domain’ or ‘Email authentication settings’
- Search for ‘DKIM settings’, ‘DKIM’, or ‘DomainKeys’. All platforms use different wording, but it will be similar to this
- Click the button that says ‘Generate DKIM keys’. It will give you a DKIM record. Copy and paste it into a file on your computer to save it
- It will also give you a DKIM selector; copy and paste this, too
- Open a new browser tab
- Login to your Domain Registrar account
- Go to DNS settings. You should find a list of DNS records. Click ‘Add new’
- Select TXT record
- In the ‘Host’ or ‘Name’ field, paste your DKIM selector
- In the ‘Value’ field, paste the DKIM record. (e.g. dk5182-3458._domainkey.mydomainexample.com)
- Click ‘Save’
- Return to your ESP account, and look for a button called ‘Enable DKIM’, or similar. Click this
- DNS changes can take up to 48 hours to take effect, although it should only take a few hours. After a few hours, you can check the record with a DNS checker, which you can find online
4. What should the DKIM look like?⚡
default._domainkey.example.com TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3EUAC…"
5. KEY⚡
HOST/NAME Section:
- default – the selector (a unique identifier for the DKIM key)
- _domainkey – a subdomain, to signal that this is a DKIM record
- example.com – the domain name associated with the email
Record Type Section:
TXT – because the record is stored in TXT form.
VALUE/DKIM Policy String:
- v=DKIM1; – specifies the version. For this input it will always be DKIM1
- k=rsa; – specifies the key type. RSA is most common
- p=MIGfMA0GCSqGSIb3EUAC… – the public key, used to verify signatures. The private key is stored securely on the email server.
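A small linter for the host name and value fields described in this section, useful for catching copy-and-paste mistakes before saving the record. It is an added example, not code from this article or from any ESP; the function names are hypothetical and the sample records are constructed, with placeholder bytes in place of real keys.

```python
import base64

def parse_tags(value):
    """Split a DKIM TXT value such as 'v=DKIM1; k=rsa; p=...' into a dict."""
    tags = {}
    for part in value.strip().strip('"').split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop whitespace/folding
    return tags

def lint_dkim_record(host, value):
    """Return a list of problems in a DKIM record's host name and TXT value."""
    problems = []
    labels = host.rstrip(".").split(".")
    if "_domainkey" not in labels:
        problems.append("host lacks the _domainkey label")
    elif labels[0] == "_domainkey" or labels[-1] == "_domainkey":
        problems.append("host needs a selector before and a domain after _domainkey")
    tags = parse_tags(value)
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional, but must be DKIM1 if present
        problems.append("v= must be exactly DKIM1")
    key_type = tags.get("k", "rsa")  # k= defaults to rsa; values are case-sensitive
    if key_type not in ("rsa", "ed25519"):
        problems.append("unsupported key type in k=")
    p = tags.get("p")
    if p is None:
        problems.append("missing p= tag")
    elif p == "":
        problems.append("empty p= means this key has been revoked")
    else:
        try:
            der = base64.b64decode(p, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("p= is not valid base64 (truncated or mangled paste?)")
        else:
            # A 1024-bit RSA public key in DER form is 162 bytes; anything
            # smaller cannot meet the 1024-bit minimum for DKIM RSA keys.
            if key_type == "rsa" and len(der) < 162:
                problems.append("RSA key is shorter than 1024 bits")
    return problems

if __name__ == "__main__":
    # Constructed samples: the p= values are placeholder bytes, not real keys.
    ok_key = base64.b64encode(bytes(294)).decode()
    print(lint_dkim_record("default._domainkey.example.com", f"v=DKIM1; k=rsa; p={ok_key}"))
    print(lint_dkim_record("default.__domainkey.example.com", "v=DKIM; k=RSA; p=MIGf…"))
```

An empty list means the record passed these checks; it does not prove the key matches the one your ESP signs with, which only a DKIM check on a real test email can confirm.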
⚡And you’re good to go!
But if you want to know more, or if you want to collaborate with a winning team, contact us today. We’ll see what we can do to make your marketing unstoppable.