What is a DKIM record?
A DKIM record is a specially formatted DNS TXT record; it stores the public key the receiving mail server will use to verify a message’s signature.
A DKIM record is formed by a name, version, key type, and the public key itself, and is often made available by the provider that is sending your email.
How DKIM works
DKIM uses public key cryptography to check email. The sending email service generates a string of characters known as a hash using the content of each outbound email. The sending service then encrypts the hash with its private key and adds it to the email header. This is the DKIM signature.
The receiving email service looks up the public key in the sender’s DKIM DNS record, then uses the public key to decrypt the DKIM signature on the email. It also generates a hash of the email in the same way the sending email service did.
If the hash matches the decrypted DKIM signature then the email passes the DKIM check. This means the email came from where it says it came from and has not changed in transit.
Most email services will automatically check DKIM on inbound email, but you should check to make sure it’s enabled.
You need a separate DKIM key and DNS entry for each service you send email from. In addition to your own mail servers, you might also need to consider third-party applications and services that send mail on your behalf.
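The receiver-side steps described above, as an added Python sketch that is not part of the original page: it derives the DNS name to query from a DKIM-Signature header, checks that the key record is usable, and compares the body hash. The function names, the domain `example.com` and the selector `mail2024` are assumptions made for the example, and verifying the signature value itself (`b=`) with the public key is left out because it needs an RSA library.

```python
import base64
import hashlib

def parse_tags(value):
    """Parse the 'tag=value; ...' list used by the DKIM-Signature header and TXT record."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def key_lookup_name(sig):
    """DNS name the receiver queries: <selector>._domainkey.<domain>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def record_problems(txt):
    """Reasons a DKIM key record cannot be used (empty list = usable)."""
    rec, problems = parse_tags(txt), []
    if rec.get("v", "DKIM1") != "DKIM1":
        problems.append("unsupported version")
    if rec.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append("unknown key type")
    if "p" not in rec:
        problems.append("missing public key")
    elif rec["p"] == "":
        problems.append("key revoked (empty p=)")
    else:
        try:
            base64.b64decode(rec["p"], validate=True)
        except ValueError:
            problems.append("public key is not valid base64")
    return problems

def body_hash(body):
    """bh= value: SHA-256 of the body in 'simple' canonicalization
    (trailing empty lines removed, body ends with exactly one CRLF)."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return base64.b64encode(hashlib.sha256(body + b"\r\n").digest()).decode()

def body_unchanged(sig_header, received_body):
    """Receiver-side check that the body still matches the signed hash."""
    return parse_tags(sig_header)["bh"] == body_hash(received_body)

# Constructed sample: domain, selector and b= value are invented placeholders.
SENT_BODY = b"Invoice attached.\r\n"
SIG = ("v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=mail2024; "
       f"h=from:to:subject; bh={body_hash(SENT_BODY)}; b=PLACEHOLDER")
```

A body that differs from the signed one by even a single character produces a different hash, so `body_unchanged` returns `False` for it.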
Key reasons why DKIM is important
- It confirms your legitimacy as a sender. Spoofing email from trusted domains is a popular technique for malicious spam and phishing campaigns, and DKIM makes it harder to spoof email from domains that use it. While DKIM isn’t required, emails that are signed with DKIM appear more legitimate to your recipients and are less likely to end up in junk or spam folders.
- It helps build your long-term reputation. An additional benefit of DKIM is that ISPs use it to build a domain reputation over time. As you send email and improve your delivery practices (low spam and bounces, high engagement), you help your domain build a good sending reputation with ISPs, which improves email deliverability.
While it’s important to understand what DKIM does, it’s also important to be clear about what it doesn’t solve. Using DKIM will make sure your message hasn’t been altered, but it doesn’t encrypt the contents of your message.