- What does DKIM mean and what is it?
- What does the DKIM record look like?
- What are the parts of the DKIM record?
- How does it work?
- Why do I need to use the DKIM?
- Is this a record that needs frequent updating?
- Additional Resources
What does DKIM mean and what is it?
DomainKeys Identified Mail ( DKIM ) is a DNS text record on the “from” domain used in the mailing.
If the DKIM record passes that tells the receiving server that the message sent is the same message that was received.
What does the DKIM record look like?
scph0850a._domainkey.email.companyname.com. IN TXT "v=DKIM1\; k=rsa\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANPGCp2w2tqggd/UaJy7T1fCCXUPQaUcSqFbF6oBfIqztfz1wdw0CO7/OY6FHiUPQaUcSqFbFqfxnfAu811vzo5UPQaUcSqFbFWkPR3cNs/31AwEAAQ=="
What are the parts of the DKIM record?
Selector - The selector tells the receiving server where to look for the DKIM record.
_domainkey - This tells the receiving server this is a DKIM record.
TXT Record DKIM1\; k=rsa\; p=MFww…. - This is the “Public Key” visible on the DNS records.
How does it work?
The owner of the domain publishes an encrypted public DKIM txt record.
Before the message leaves the sending server, a private DKIM record gets added to the message.
The receiving server gets the message that looks at the included private DKIM record as well as the public DKIM DNS record.
After decrypting the records, and if everything matches, the message has passed DKIM and gets delivered.
Why do I need to use the DKIM?
DKIM reduces possible damage to your brand from agents trying to spoof your domain.
DKIM is one of a couple of DNS records used to authenticate the sender. Others include SPF and DMARC records. Authenticating the message increases the likelihood the message gets delivered to the inbox.
Failing DKIM normally leads to bulking or bouncing depending on the settings of the receiving servers.
Is this a record that needs frequent updating?
If there are no changes to your platform then updates are minimal or none at all. If you start using additional “from” domains or using a vendor that may send mail on your behalf then additional DKIM records will need to be created.