Beatriz Redondo Tejedor

// Head of Content

Sometimes, email marketing may seem like an endless puzzle of acronyms—APIs, CTAs, CTRs… so, by the time an opportunity to set up DKIM comes along, how are you supposed to know what it means?

Have no fear—we’re here to help you understand. Originally developed at Yahoo!, DomainKeys Identified Mail has become a global standard in email security and is, together with its sister SPF, an absolutely necessary tool for anyone serious about mailing, especially anyone sending blast emails. In this post, we’ll show you how to set up DKIM and make your outgoing email more secure.

What is DKIM?

DomainKeys Identified Mail, or DKIM, is an authentication protocol that links a domain name to a message. The protocol allows you to sign your email with your domain name. The purpose of the DKIM protocol is not only to prove that the domain name has not been falsely used by others, but also that the signed message has not been altered during transmission.

How does DKIM work?

Using DKIM is quite simple. It relies on asymmetric encryption and therefore works with any tool developed for that purpose. First, you have to generate a private/public key pair. Then, you have to enter the public part of the key as a TXT record to the domain that’s used as the sender address. The private key is then used to create a DKIM signature for each email message. The signature is basically a hash code, and is computed by taking the content of the email and combining it with the private key using a security algorithm. The signature is then saved as a header field of the email.

When a receiving SMTP mail server detects a signature header, it looks up the public part of the key by asking the domain name system (DNS) for the TXT record. One of the beauties of public key cryptography is that the keys are like brothers: they share DNA. Using the public key, anyone can tell whether the email was sent by the owner of the domain or not. If this validation check fails or if the message header – and therefore the digital signature – does not exist, many different email service providers (including major ones like Gmail and Outlook) raise an alarm and may, depending on the volume of email sent, decide to mark this email as spam or even to block the sender IP address.

Why should you use DomainKeys Identified Mail?

The main reason you should use DKIM verification is pretty simple: along with SPF and DMARC, these are the main email authentication methods for verifying the identity of senders. They’re some of the most effective ways to prevent phishing and spoofing, like keeping scammers from posing as legitimate email senders and domain owners and impersonating their identities using the same domain name.

But this is not DKIM’s only advantage. In fact, the implementation of these protocols improves email deliverability. Thanks to these protocols, your emails will be better identified by ISPs (Internet Service Providers) and your recipients’ email clients, which improves the chances of your emails reaching your contacts’ inbox and not the spam folder.

These protocols have become the standard in the email world. A message sent without DKIM and/or SPF may be considered suspicious by the different email analysis tools.

Want to know more about deliverability best practices? Download our guide now!

Banner Email Deliverability

How to set up DKIM in 3 simple steps

1.  Setting up: Configuration of DKIM to generate the key pair

The tool of choice depends on your operating system. For Microsoft Windows you can use PUTTYGen (here is a tutorial), for Linux and Mac, you can use ssh-keygen (Github has an excellent tutorial).

2. Placing the public key as a TXT record in the DNS settings

We have provided a list of DNS providers together with links to official and third-party documentation. They can help you with TXT and DNS record setup:

 

With some DNS providers the setup can be quite tedious, but we would be glad to help you out. Just contact our support!

3. Generating and saving the signature

When using Sendmail or Postfix (the world’s two most popular SMTP servers), or any other SMTP server that supports milter, you can use a special milter ( = email filter), the DKIM milter. This milter has been released by Sendmail as Open Source and allows to sign email headers with a generated private DKIM key. For more information, please have a look at its extensive documentation.

How to set up DKIM with Mailjet

To define Mailjet as a legitimate sender for email providers, you must configure your SPF records and DKIM records for each of your sending domains.

Setting up DKIM with Mailjet is very simple. Mailjet gives you the public key to register through your website host interface. There, you can integrate the public key into your registration area.

Here’s an example of how to do it:

set up DKIM guide

Don’t worry – if you need help, you can find all the necessary information and step-by-step processes in our documentation. It’s so complete, it even includes support guides for each of the main hosting providers (OVH, Gandi, Cloudfare, Hostgator…). Go forth and conquer DKIM!

Wrapping up

So there you have it. Hopefully, DKIM doesn’t seem too hard-to-follow anymore. Now that you know what it is, and how to implement it, you can start winning the email game like a champion.

At Mailjet, we want you to get the most value out of your email strategy. Sign up to our newsletter to keep up with the latest email trends and never miss important email news!

Create and send your email campaigns with Mailjet
Easily create and send amazing emails and reach the inbox with Mailjet. Optimize your email marketing strategy and increase your ROI.

Create your account now

***
This is an updated version of Gabriela Gavrailova’s blog post “How To Set Up DKIM In 3 Simple Steps” published on the Mailjet blog on March 13, 2014.