What is DKIM: Learn how it works and why it’s necessary
You may know DKIM as an added layer of authentication for email, but it’s more than that. It’s a digital signature that proves you are who you claim to be. DKIM also helps with your email deliverability. How? Keep reading and we’ll give you all the details.
Are you who you say you are, or are you a spoofer in disguise? Answering this question is what DKIM is all about.
As email usage and capabilities continue to grow, it’s important to make sure that your sender reputation stays positive and secure. One of the best ways to do this is to use DKIM (DomainKeys Identified Mail). If the idea of yet another email acronym is throwing you off, don’t be alarmed.
We're here to break this authentication down and walk you through the basics and benefits of DKIM.
Table of contents
What is a DKIM signature?
What is a DKIM record?
What are DKIM record checks?
What are the benefits of DKIM?
Verify your domain
Add your records
Common DNS Provider Documentation
FAQ
What is DKIM?
DKIM (DomainKeys Identified Mail) is an email authentication protocol that validates you as the true sender of a message using cryptographic signatures. It ensures that nobody has used your domain or other identifiers to impersonate you or your company.
DKIM has become an authentication standard in the email world, necessary for both bulk marketing and transactional campaigns. A message sent without DKIM and/or SPF can be considered suspicious by different email analysis tools.
How does DKIM work?
DKIM is a crucial component in safeguarding email security against phishing attacks. Employing domain-based message authentication, DKIM verifies the authenticity of emails by attaching a digital signature linked to the sending domain name. This signature acts as a stamp of legitimacy, ensuring that emails originate from authorized sources and haven't been tampered with during transit. By providing a mechanism to detect and prevent email spoofing, DKIM adds a layer of trust to online communications, which matters in an age where phishing attacks are rampant.
DKIM operates through a key pair system, where a private key is held by the email server and a corresponding public key is published in the DKIM signing domain's DNS records. To implement DKIM effectively, email servers need to be configured to sign outgoing emails with this private key.
This signing process embeds a cryptographic signature within the email header, serving as a digital fingerprint of authenticity. Recipient servers then verify the DKIM signature against the public key stored in the DNS records of the sender's domain. A successful check shows that the email is from the claimed sender and hasn't been modified in transit, which also helps with email security. A signature that matches the published key opens the door to deliverability. A mismatch triggers alarms and lands you in spam.
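The receiving side of this check can be sketched in a few lines. The Python below is an added example, not Mailgun's code: it parses a DKIM-Signature header, derives the DNS name where the public key is published, and recomputes the body hash to detect modification in transit. The domain, selector and message are constructed, only SHA-256 with "simple" body canonicalization is handled, and the final public-key check of the b= signature is left out.

```python
import base64
import hashlib
import re

def parse_dkim_tags(header_value: str) -> dict:
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace (wrapped header lines) is not significant
            # in the tags used here, so drop it.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def key_record_name(tags: dict) -> str:
    """DNS name of the TXT record that holds the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def simple_body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the body under 'simple' body canonicalization."""
    while body.endswith(b"\r\n"):      # ignore trailing empty lines
        body = body[:-2]
    return base64.b64encode(hashlib.sha256(body + b"\r\n").digest()).decode()

def body_intact(header_value: str, body: bytes) -> bool:
    """True when the received body still matches the signed bh= value."""
    tags = parse_dkim_tags(header_value)
    body_canon = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    if not tags.get("a", "").endswith("-sha256") or body_canon != "simple":
        raise ValueError("only SHA-256 with simple body canonicalization is handled")
    return tags["bh"] == simple_body_hash(body)

# Constructed sample: domain, selector and message are made up for this example.
SAMPLE_BODY = b"Your invoice is attached.\r\n\r\n"
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=s1;\r\n"
    f"\th=from:to:subject; bh={simple_body_hash(SAMPLE_BODY)};\r\n"
    "\tb=<signature omitted>"
)

if __name__ == "__main__":
    tags = parse_dkim_tags(SAMPLE_HEADER)
    print("public key lookup:", key_record_name(tags))
    print("original body intact:", body_intact(SAMPLE_HEADER, SAMPLE_BODY))
    print("modified body intact:", body_intact(SAMPLE_HEADER, b"Pay here instead.\r\n"))
```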

There are a few important elements in DKIM authentication, including DKIM signatures and DKIM records. Let’s see what they are and what role they play in this process.
What is a DKIM signature?
The main component of DKIM is the DKIM signature, a header attached to your email messages that your recipient can use for verification. How you generate DKIM keys varies depending on your provider, but some basic recurring variables of the signature are:
“d=” refers to the signing domain associated with a selector record to locate a public key. Messages from Mailgun are identified as “d=mailgun.com”.