Why do you need a DKIM signature: how to use DKIM record generator?
DKIM (DomainKeys Identified Mail) technology calculates fake email addresses and helps to fight spam and theft of personal data (logins, passwords). DKIM adds a digital signature to the letter. Thanks to it, mail providers (Mail.ru, Gmail) can check that the message came from your domain.
DKIM signature is a TXT record that needs to be added to the site’s DNS zone settings. The entry itself looks like this:
us._domainkey TXT k = rsa; p = XXXXXXXXXXXXXXXXXXXXX
Where XXXXXXXXXXXXXXXXXXXX is a unique code that can be generated in the mailing service. You can use the DKIM record generator on EasyDMARC and add it to your site.
Why do you need a DKIM signature?
DKIM protects against scammers
DKIM signature will prevent fraudsters from sending emails on behalf of your domain. Together with SPF and DMARC, this technology protects your subscribers and your newsletters. Does your domain have a valid SPF record? Use the SPF record check to find out.
DKIM improves deliverability
DKIM improves domain reputation. Using DKIM, the receiving server determines the sender’s identity and overall rating. Emails with a good reputation are more likely to end up in your Inbox.
DKIM works like a passport: you show it to the postal provider, and it lets you into the inbox.
DKIM gives access to postmasters
Postmasters are postal services for mailing analytics. They help track deliverability, openings, unsubscriptions, and spam complaints. To connect statistics in the postmaster, you must have email authentication configured. DKIM is one of the components of email authentication.
How to set up a DKIM signature?
The DKIM setup process may differ depending on the email service. But, as a rule, it includes the following steps:
Create Your Own Selector
A domain can have multiple public keys if it has more than one mail server: each mail server has its own private key, which matches only one public key. A selector is an attribute in the DKIM signature that helps the recipient server find the correct public key from the sender’s DNS.
Generate a Private / Public Key Pair
The domain and selector are the input data used to generate a key pair, which consists of the public and the private key. The public key is used in the DNS TXT record, whereas the private key is used for the sending MTA.
The MTA uses the private key to hash headers (h=) and the body (bh=) of the outbound email. The private key is kept on the server and never leaves. When an email with DKIM arrives, a receiving mail server makes a DNS query to get the public key. The server uses it to build its own hashes and then compares them with the ones received. If there’s a match, the email is let in.
Add a DKIM record to your Domain
Once you receive the public key, add it to your DNS records. The process may differ depending on your hosting provider.
DKIM signature verification
After you have finished configuring the DKIM signature, you can check if it is configured correctly. To do this, you can use the free tool of EasyDMARC. EasyDMARC provides a complete report on deliverability and also checks email authentication settings.
How to test if DKIM was configured properly?
Once DKIM is added, make sure that you validate it with an online DKIM analyzer. You can also just send a test email to your Gmail or Yahoo account and verify yourself if a message came with your DKIM signature. Once the message arrives, expand the header with the triangle icon below the sender’s name. If the sender’s domain appears for both ‘mailed-by’ and ‘signed-by’, the message was verified successfully with DKIM.
You can also click on the three dots in the top-right corner and “Show Original”. Here you’ll see the result of DKIM authentication. If it comes with the word ‘PASS’ and your domain address, everything works fine. If you send an email from Gmail and don’t set up a DKIM authorization, Gmail will assign a default one. Such a message is also authenticated but not as effective as it would be with your individual DomainKeys Identified Mail setup.
Email spoofing is a fairly common problem. To protect their users, email providers use a variety of methods that check the trustworthiness of the sources of incoming messages.
DKIM is one of the email authentication methods. We strongly recommend using a DKIM signature to authenticate emails from your domain. Thanks to DKIM, your domain will be marked as trustworthy, and your emails will not end up in spam.
Although you will have to spend some time sorting out all the settings, in the end, you will find that it was worth it.