How to Set Up DKIM?
To set up DKIM and have your email authenticated, there are certain steps to follow. Learn about them in this article.
DKIM stands for Domain Keys Identified Mail. It is one of several email authentication methods you and your business can use to protect yourself and your prospects from spam and malware.
In today’s article, we’ll go over how to set it up correctly to ensure that everyone you send emails to, and you, are protected.
Ultimately, this will also make it far more likely that you end up in your prospect’s inboxes and not in spam.
Let’s dig in.
In today’s article, we’ll go over how to set it up correctly to ensure that everyone you send emails to, and you, are protected.
Ultimately, this will also make it far more likely that you end up in your prospect’s inboxes and not in spam.
Let’s dig in.
What is DKIM?
DKIM is an email authentication method designed to verify the authenticity and integrity of email messages, allowing the recipient of an email to check if an authorized sender sent it and if it has been modified during transit.
DKIM uses public-key cryptography as opposed to IP addresses or reputation like SPF (Sender Policy Framework) does.
To authenticate your email, DKIM focuses on using a digital signature in the email headers of all outgoing emails. The digital signature and the outgoing email are then validated using the public cryptographic key found in a company’s DNS (Domain Name System) records.
They are essentially instructions in text, or TXT format, stored on the server.
For DKIM to work, companies must add private and public keys as a TXT record. It is this public record that your prospect’s ISP (Internet Service Provider) will use to verify the validity of your signature and email.
They compare the public and private keys, and if they do not match, the email is blocked or goes to spam. If the keys match, the email goes through, and your prospect receives your contact.
But this is just one reason to set up DKIM – as we will see, there are many advantages to doing so.
DKIM uses public-key cryptography as opposed to IP addresses or reputation like SPF (Sender Policy Framework) does.
To authenticate your email, DKIM focuses on using a digital signature in the email headers of all outgoing emails. The digital signature and the outgoing email are then validated using the public cryptographic key found in a company’s DNS (Domain Name System) records.
They are essentially instructions in text, or TXT format, stored on the server.
For DKIM to work, companies must add private and public keys as a TXT record. It is this public record that your prospect’s ISP (Internet Service Provider) will use to verify the validity of your signature and email.
They compare the public and private keys, and if they do not match, the email is blocked or goes to spam. If the keys match, the email goes through, and your prospect receives your contact.
But this is just one reason to set up DKIM – as we will see, there are many advantages to doing so.
Why do I Need to Set Up DKIM?
The first thing to note is that it is becoming more and more common for ISPs to incorporate email authentication without the need for companies or individuals to invest in additional applications or protective software.
If you want your email or newsletter to land in an inbox and not spam, it is a good idea to consider setting it up.
And you don’t need to have another authentication method already in place to set DKIM up.
But there are additional advantages to setting up DKIM:
Firstly, while SPF is an excellent email authentication method, DKIM is a set above as it relies on encryption methodology and not just IP. You learn more about your company’s DNS records and provide more protection for both you and your prospects from spoofing and spam.
It also helps you keep track of information. Due to the tracking being through a digital signature which is part of the email header, information is not lost when emails are forwarded. Your authentication method thus remains consistent and visible every time it's forwarded. And it will continue to avoid falling into spam as a result, too.
DKIM also prevents spammers from changing the source addresses of your message. While it does not filter or identify spam, it still protects you and your prospects from spoofing and spam.
There are some limitations to keep in mind, of course. Mainly, it cannot provide instructions to email servers and ISPs about how to treat an incoming email if the authentication checks aren’t verified satisfactorily.
For that, and to further improve your deliverability, you need to look into setting up DMARC.
Regardless, if you’re sending out many emails or newsletters in 2023, and you want to:
You need to have at least one email authentication method set up. And you don’t need to bug your IT team to do so – it is straightforward to do so yourself!
If you want your email or newsletter to land in an inbox and not spam, it is a good idea to consider setting it up.
And you don’t need to have another authentication method already in place to set DKIM up.
But there are additional advantages to setting up DKIM:
Firstly, while SPF is an excellent email authentication method, DKIM is a set above as it relies on encryption methodology and not just IP. You learn more about your company’s DNS records and provide more protection for both you and your prospects from spoofing and spam.
It also helps you keep track of information. Due to the tracking being through a digital signature which is part of the email header, information is not lost when emails are forwarded. Your authentication method thus remains consistent and visible every time it's forwarded. And it will continue to avoid falling into spam as a result, too.
DKIM also prevents spammers from changing the source addresses of your message. While it does not filter or identify spam, it still protects you and your prospects from spoofing and spam.
There are some limitations to keep in mind, of course. Mainly, it cannot provide instructions to email servers and ISPs about how to treat an incoming email if the authentication checks aren’t verified satisfactorily.
For that, and to further improve your deliverability, you need to look into setting up DMARC.
Regardless, if you’re sending out many emails or newsletters in 2023, and you want to:
- Protect your prospects from spam.
- Protect yourself from spoofing.
- Land in the inbox instead of spam.
- Be competitive in the world of cold email and newsletters.
You need to have at least one email authentication method set up. And you don’t need to bug your IT team to do so – it is straightforward to do so yourself!
Setting Up DKIM - Step by Step
Setting up DKIM has become much more accessible over the years, especially as ISPs take email authentication and protecting their users more seriously.
An example of ISPs taking email protection more seriously is that as of November 2022, Gmail has it as part of all its Google Workspaces: you can learn how to set it up.
But the path to successfully set up DKIM on any ISP is always quite straightforward:
An example of ISPs taking email protection more seriously is that as of November 2022, Gmail has it as part of all its Google Workspaces: you can learn how to set it up.
But the path to successfully set up DKIM on any ISP is always quite straightforward:
Create Public & Private DKIM Keys
Assuming you have a list of all of your sending domains from which you send mass communications and also for internal use, you can begin creating the public and private DKIM keys.
Google if your ISP already provides them for you, as is the case with Gmail we saw above, or if you need to rely on an external DKIM wizard to provide them.
If you do this manually, you may need to assign selector names to your key pairs. These inform email servers where they can find the public key of each domain to check if they match.
The best way to do this is to make the selectors describe what that domain sends. For example, “marketing” or “newsletter” for your email marketing domain or “sales” for your cold email domain.
Google if your ISP already provides them for you, as is the case with Gmail we saw above, or if you need to rely on an external DKIM wizard to provide them.
If you do this manually, you may need to assign selector names to your key pairs. These inform email servers where they can find the public key of each domain to check if they match.
The best way to do this is to make the selectors describe what that domain sends. For example, “marketing” or “newsletter” for your email marketing domain or “sales” for your cold email domain.
Publish the Public DKIM Key as TXT Record in Your DNS Settings
Once you have your keys, you need to publish the public key as part of your Domain record in the TXT format.
The private key must be stored wherever your ISP or DKIM system suggests.
Typically, the record will look something like: (selector)._domainkey and this is what you add to your DNS.
If you do not add this correctly, or if there are any issues, your two keys will not match, and your emails will not be authenticated correctly.
Additionally, check if you have any other steps required by your ISP or your DKIM installer.
The private key must be stored wherever your ISP or DKIM system suggests.
Typically, the record will look something like: (selector)._domainkey and this is what you add to your DNS.
If you do not add this correctly, or if there are any issues, your two keys will not match, and your emails will not be authenticated correctly.
Additionally, check if you have any other steps required by your ISP or your DKIM installer.
Generate & Save DKIM Signature
The next step is to set up the email signature for each domain you’ve created keys.
As this is mass emailing, it is a good idea to remember the basic tenets of avoiding landing in spam: no bold, no italics, no caps, no images, no spam-trigger words, and no links.
Keep your signature as simple as you do your email body.
This is the signature that will then follow each of your email messages and serve to identify and authenticate you as a non-spammy sender.
As this is mass emailing, it is a good idea to remember the basic tenets of avoiding landing in spam: no bold, no italics, no caps, no images, no spam-trigger words, and no links.
Keep your signature as simple as you do your email body.
This is the signature that will then follow each of your email messages and serve to identify and authenticate you as a non-spammy sender.
Test & Verify Your DKIM Set Up
Finally, it is always important to test before doing any mass sending.
Check out your SPF/DKIM with a checker. This will let you know if the changes have been made successfully, but give yourself time: it can take up to 48 hours for the changes to take effect.
If they still do not, you may have done one of the following:
Check out your SPF/DKIM with a checker. This will let you know if the changes have been made successfully, but give yourself time: it can take up to 48 hours for the changes to take effect.
If they still do not, you may have done one of the following:
- Too many records with the same selector and domain key: email servers will reject your DKIM records as invalid in this case as it becomes suspect that there are so many, so you want to make sure you have one record per server.
- Wrong DKIM record name: sometimes, a DNS host will automatically add your domain at the end of the TXT record, which can be incorrect, so if you entered it manually, check for an extra “.domain” on your record.
- Private or public key issues: anything from one being missing to one being misconfigured can fit here. Fortunately, it is an easy fix: simply regenerate the pair and re-add the record.
Conclusion
Email authentication is the name of the game for cold email and marketing in the 2020s.
If you do not have at least one method set up, not only are you yourself at risk, but you are also losing out on potential clients and revenue because you are not landing in their inboxes.
Use our guide to set up DKIM and land in those all-important inboxes, always.
And if you want further to ensure the health score of your email, try out Unfiltered!
If you do not have at least one method set up, not only are you yourself at risk, but you are also losing out on potential clients and revenue because you are not landing in their inboxes.
Use our guide to set up DKIM and land in those all-important inboxes, always.
And if you want further to ensure the health score of your email, try out Unfiltered!
Related articles
