DKIM (DomainKeys Identified Mail)

When starting with email marketing, it's essential to pay attention to DKIM. This isn't just a task for your tech team. It significantly influences whether your emails reach inboxes or end up in spam folders. Consider DKIM as your domain's signature on every email you send. Without it, mailbox providers such as Gmail or Outlook may doubt the authenticity of your emails.

What is DKIM?

DKIM, or DomainKeys Identified Mail, establishes a trustworthy link between the domains sending emails and the messages themselves using cryptographic authentication. Think of it as a digital wax seal that not only identifies the sender but also ensures the message remains unchanged during delivery.

This system uses asymmetric cryptography, which involves two keys: a private key that is safely kept on the sending server to sign each outgoing email, and a public key that is available in DNS for receiving servers to verify the signature.

When properly configured, each message contains a unique DKIM signature header that looks similar to this:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=2021;
 t=1632735932; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
 h=From:To:Subject:Date;
 b=AuUoFEfDxTDkHlLXSZEpZj79LICEps6eda7W3deTVFOk4yAUoqOB4nujc3jUZipdMes0pOT8QTr
 TlaPuauPvCTvXoPnXOEJ+YbEgEgy4pkCqCsY/+IrbG7i3gQsKQhcS7Ls8H5jQx7xQmyfeKdE9pm8O
 1v5a8JxG8In4qFwreJA=

How Does DKIM Work?

It functions seamlessly in the background, ensuring that your emails are both trusted and free from tampering. When an email is dispatched via SMTP, the sending mail server generates a digital signature that verifies the message's authenticity and integrity.

Here’s a detailed overview of the process:

On the Sending Side:

  1. The server generates a hash of specific email headers along with the message body.
  2. This hash is then encrypted using a private DKIM key that is securely stored on the server.
  3. The resulting digital signature is appended to the email’s headers.

On the Receiving Side:

  1. The recipient's server reads the DKIM signature and retrieves the domain and selector information.
  2. It conducts a DNS lookup to obtain the corresponding public key (selector._domainkey.domain.com).
  3. Using this public key, the server decrypts the signature from the email.
  4. It recalculates the hash from the received message.
  5. Finally, it compares both hashes to verify that the message has not been altered during transit.

When the signatures align, the email is considered authentic, indicating that it comes from an authorized domain and that the content has not been altered since it was sent. This validation process is swift, usually requiring only milliseconds, and is crucial for the filtering decisions made by inbox providers.

The selector in DKIM serves as a pointer to the appropriate key. This functionality allows organizations to periodically rotate keys for enhanced security or to assign different keys to various email platforms, such as distinguishing between marketing tools and transactional systems, without disrupting email delivery. Hence, implementing DKIM is not just advisable; it is imperative.

Why Does DKIM Matter?

DKIM (DomainKeys Identified Mail) enhances the authenticity of your emails, fostering trust with email providers and your audience. It verifies that messages remain unaltered during transit, preventing tampering and blocking scammers from impersonating your domain without your private key. Leading email services, such as Gmail and Yahoo, utilize DKIM results to determine inbox delivery. Additionally, DKIM is vital for supporting DMARC policies, making it a critical component of email security and brand protection.

Frequently Asked Questions About DKIM

Does DKIM prevent spam?

Not directly, DKIM verifies authenticity, not content quality. However, properly configured DKIM makes it less likely that your emails will be marked as spam.

Can I have multiple DKIM keys?

Yes. You can use different selectors to manage multiple keys, especially if you're sending from multiple sources (e.g., your ESP and internal systems).

What happens if DKIM fails?

If DKIM fails, the email might still be delivered depending on the recipient's DMARC policy. But failing consistently can damage your sender reputation over time.

Send Consistent-looking & beautiful emails today!

Email communication is part of your product! Don't let it ruin your user's experience with your brand

Get started