DKIM (DomainKeys Identified Mail)

DKIM is the acronym for DomainKeys Identified Mail. It is an authentication protocol used to validate the sending domain name of an email message. The DKIM protocol allows email senders to identify the domains that belong to them, thus protecting brand and reputation. This controls spoofing and phishing of your domain name, i.e. other senders cannot send emails pretending to come from your domain.

DKIM uses cryptographic authentication: a digital signature is inserted into the email message header, and the receiving host later verifies it to validate the authenticity of the sender's domain. The signature is created with a private key held by the sender; the matching public key, a unique string of characters, is stored in your DNS. When a recipient gets your DKIM-signed email, the public key is retrieved from the sender's DNS records and used to verify the signature, which authenticates the sender's domain.

Creating a DKIM Record

  1. Identify domains: Make a list of the domains that will be sending outbound emails.
  2. Create public/private keys: The ‘public’ key will be used in your public-facing DNS TXT record along with what’s called a ‘policy record’. The ‘private’ key will be used on your sending MTA (Mail Transfer Agent / Relay). The sending MTA will use the private key to add a signature to the email message header for identification and validation by the receiving domain (mail client) by way of the public key. Most hosting service providers will help you create DKIM records using guided wizards / tools.
  3. Create TXT Record: Using the DKIM information generated by the tools / wizards, create the TXT record in your public-facing DNS. Note that you need to create DKIM records for each of the sending domains you identified earlier.
  4. DKIM Supported by MTA: Be sure that your sending MTA supports DKIM. If not, upgrade your MTA to one that does.
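
As a check for step 3, the added example below (not from the original page or from any DKIM tool) lints a DKIM TXT record before it is published: it flags TXT strings over 255 bytes, an empty `p=` value, and an RSA key that is too short. The tag names (`v=`, `k=`, `p=`) follow RFC 6376 and the key-size thresholds follow RFC 8301, neither of which the page spells out; the function names are hypothetical, and the sample record is constructed and does not contain a usable key.

```python
import base64

def _tlv(buf, pos=0):  # read one DER value at pos -> (value, next_pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(der):
    """Modulus size in bits of a DER SubjectPublicKeyInfo RSA key."""
    spki, _ = _tlv(der)                      # outer SEQUENCE
    _, after_alg = _tlv(spki)                # skip AlgorithmIdentifier
    bitstr, _ = _tlv(spki, after_alg)        # BIT STRING wrapping the RSA key
    modulus, _ = _tlv(_tlv(bitstr, 1)[0])    # skip unused-bits byte; first INTEGER
    return int.from_bytes(modulus, "big").bit_length()

def lint_dkim_txt(strings):
    """Check the quoted strings of one DKIM TXT record; return a list of problems."""
    problems = [f"string {i} is {len(s)} bytes; a TXT string holds at most 255"
                for i, s in enumerate(strings) if len(s) > 255]
    pairs = (p.partition("=") for p in "".join(strings).split(";"))  # strings are concatenated
    tags = {k.strip(): "".join(v.split()) for k, _, v in pairs}
    if tags.get("k", "rsa") != "rsa":
        return problems + ["non-RSA key type: size check skipped"]
    if not tags.get("p"):
        return problems + ["p= is empty or missing (an empty p= marks a revoked key)"]
    try:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    except Exception:
        return problems + ["p= is not base64-encoded DER"]
    if bits < 1024:
        problems.append(f"{bits}-bit RSA key is below the RFC 8301 minimum of 1024")
    elif bits < 2048:
        problems.append(f"{bits}-bit RSA key; RFC 8301 recommends at least 2048")
    return problems

def _enc(tag, body):  # DER-encode one value; only used to build the sample below
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed sample: a modulus of the right size, NOT a usable RSA key."""
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    alg = _enc(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    key = _enc(3, b"\x00" + _enc(0x30, _enc(2, n) + _enc(2, b"\x01\x00\x01")))
    txt = "v=DKIM1; k=rsa; p=" + base64.b64encode(_enc(0x30, alg + key)).decode()
    return [txt[i:i + 255] for i in range(0, len(txt), 255)]
```

A 2048-bit record does not fit in one 255-byte TXT string, so `sample_record(2048)` returns two strings; pasting the whole value as a single string is what the first check catches.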

DKIM records have certain limitations. DKIM verifies only the sender's identity but does not verify the message content. Since email content is also one of the important factors of email delivery, DKIM does not completely guarantee high inbox deliverability.

For more information on DKIM records, you can always visit: http://www.dkim.org/