In this article, we’ll learn about DKIM and how to correctly configure the DKIM protocol for your domain to enhance email deliverability and security.
DomainKeys Identified Mail (DKIM) is an anti-tamper protocol that ensures the security of your emails. The DKIM protocol uses digital signatures to confirm whether the email was sent by an authentic sender.
The first DKIM action occurs on the server that sends a DKIM-signed email, while the second takes place on the recipient server that checks DKIM signatures on incoming emails. The entire process is made possible by a pair of private and public keys.
The private key is kept secret and safe, either on your own server or with your ESP, and is used to add a digital signature to each outgoing email. The public key, on the other hand, is published in the DNS records of your domain so that any receiving server can use it to verify your emails. Once the receiver verifies that an email is signed with a valid DKIM signature, it’s clear that the integrity of the email is preserved.
Now that you have a brief idea of DKIM, let’s learn how to implement it.
DKIM configuration has three simple yet major steps.
1. Generate a public domain key for the concerned domain.
After you have decided on the list of domains that you want to implement DKIM for, create a public key for the concerned domain. A selector name will have to be specified for your key pair. It acts like a map for the receiving email server, telling it where to find the key.
2. Add the public key to the DNS entries for that domain.
This key can be used by email servers to validate DKIM signatures in your messages. After you have created the keys, you will need to add the public key to your DNS for the selected domains; the private key stays off DNS. The public key is published as a TXT record.
- Sign in to your DNS management console.
- Locate the page where you update DNS records.
- Add a TXT record:
  - In the first field, enter the DNS host name.
  - In the second field, enter the TXT record value.
- Save your changes.
These changes will take a day or two to take effect.
3. To begin applying a DKIM signature to all outgoing messages, enable DKIM signing.
After completing steps 1 and 2, enable DKIM signing by checking the box available on your DNS on all outbound emails for your domain. You can also test your DKIM setup by sending a test email or using EmailAuth’s free DKIM record lookup tool.
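The host name and TXT value from step 2 can be checked offline before they are saved. The following is an added example, not code from the original article or from EmailAuth; it goes slightly beyond the steps above by also checking the RSA key length against RFC 8301. The function names and the constructed sample record are assumptions made for illustration.

```python
import base64

def dkim_host(selector, domain):
    return f"{selector}._domainkey.{domain}"  # host name of the TXT record

def der_item(buf, pos):
    # (content_start, content_end) of the DER element that starts at pos
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_b64):
    # Walk SubjectPublicKeyInfo down to the RSA modulus; return its bit length
    der = base64.b64decode(p_b64, validate=True)
    spki, _ = der_item(der, 0)          # outer SEQUENCE
    _, alg_end = der_item(der, spki)    # AlgorithmIdentifier
    bitstr, _ = der_item(der, alg_end)  # BIT STRING holding the key
    rsa, _ = der_item(der, bitstr + 1)  # skip unused-bits byte -> RSAPublicKey
    start, end = der_item(der, rsa)     # modulus INTEGER
    return int.from_bytes(der[start:end], "big").bit_length()

def check_record(txt):
    # Problems found in a DKIM TXT value; an empty list means none were found
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip(): "".join(v.split()) for k, v in pairs}
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["v= must be DKIM1"]
    if not tags.get("p"):
        return ["p= is empty or missing: no usable public key"]
    if tags.get("k", "rsa") != "rsa":
        return []  # only RSA keys are sized in this example
    try:
        bits = rsa_bits(tags["p"])
    except (ValueError, IndexError):
        return ["p= is not a base64 RSA public key"]
    note = "verifiers reject keys under 1024 bits" if bits < 1024 else "2048 bits is recommended"
    return [f"{bits}-bit RSA key: {note}"] if bits < 2048 else []

def constructed_record(bits):
    # Constructed sample: DER wrapper around an arbitrary odd number, not a real key
    def tlv(tag, body):
        n = len(body)
        size = bytes([n]) if n < 128 else bytes([0x81 + (n > 255)]) + n.to_bytes(1 + (n > 255), "big")
        return bytes([tag]) + size + body
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, bytes.fromhex("300d06092a864886f70d0101010500") + tlv(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

Calling `check_record()` on the value you are about to paste catches an empty `p=` tag, a truncated key, or an undersized key before the DNS change has to propagate.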
Published by Pintu Bhatt