Understanding DKIM: How it works and why it's necessary

Using DKIM could improve your email deliverability. Learn what DKIM is and how to use it in Mailgun's ultimate guide.

As email usage and capabilities continue to grow, it’s important to make sure that your sender reputation is staying positive and secure. One of the best ways to do this is to use DKIM (short for DomainKeys Identified Mail). If the idea of yet another email acronym is throwing you off, don’t be alarmed.

Below, we’ll walk through the basics–and benefits—of DKIM to illuminate its purpose and value to sender organizations.

How does DKIM work?

Once you get past its confusing acronym, DKIM is pretty easy to understand. It is a form of email authentication by which recipients of your messages can verify that you are the true sender of the email. Through this, they can ensure that nobody has used your domain or other identifiers to impersonate you. These protocols have become the standard in the email world, and a message sent without DKIM and/or SPF can be considered suspicious by the different email analysis tools.  Below are some main components of DKIM.

DKIM signature and verification

The main component of DKIM is the DKIM signature. The DKIM signature is a header that is attached to your email addresses — your recipient can use this for verification. DKIM signatures change from message to message because of different email recipients and content, but all will contain some basic elements.

  • “d=” refers to the sending domain that signs the message. Messages from Mailgun are identified as “”.

  • “b=” refers to the message’s unique digital signature.

  • “bh” refers to a digital tag that can be verified by the recipient.

Using these tools, people who are interested in your email campaigns or transactional emails can be sure that your sender identity is correct. 

DKIM records and checks

A DKIM record is part of your DNS records. It is a record of the public domain key(s) you use for DKIM. If you don’t set up a DKIM record with your personal domain information, some email providers, like Google Mail, use their own default DKIM in your messages. However, it is always best to create your own specific DKIM records. Specific, endorsed records make verification and troubleshooting easier for both sender and recipient.

A DKIM record check is pretty much what it sounds like–it means that you’re validating your DKIM records to ensure they’re correct. There are many tools you can use to check your records, and you can always change your records if necessary.

What are the benefits of using DKIM?

DKIM is an easy way to protect the reputation of your organization and its email program. It offers protection against phishing and “spoofing” scams. Your recipients can verify your messages and see which ones are and aren’t actually from you. By using DKIM, they’re less likely to send personal information to scammers.

Additionally, DKIM helps to boost your organization’s reputation. Because your messages can be verified, they are more likely to be trusted and recognized. Knowing that your emails are secure helps recipients feel more comfortable when they’re in contact with you. This can lead to more two-way communication between you and your email list, and help strengthen relationships with your customers.

Finally, DKIM helps maintain the integrity of your email program. By using DKIM and regular DKIM record checks, you can ensure that your email program has the information and credibility it needs to succeed. That way, your sender domain stays associated with you, and not with spammers who are trying to reach your customers. It’s a simple step that keeps your email communications and recipient relationships in good shape.

How to set up DKIM with Mailgun

Mailgun requires a verified DKIM key via DNS check before a domain can send from its platform, in order to keep your messages as secure as possible. Instead of using a provider’s standard DKIM, you’re prompted to set up verification details that are specific to your domain and are associated with your organization. This keeps your emails easily identifiable by recipients—and it keeps your DKIM records recognizable and changeable for you and your team.

Below is a step-by-step guide on how to customize your DKIM with Mailgun.

Verify your domain

Add a domain you own and verify it by setting up the DNS record we provide (this is the DKIM record) at your DNS provider. An example is below.

  1. Add your domain or subdomain in the Domains tab of the Mailgun control panel.

2. Open your DNS provider and add the DKIM TXT DNS record provided. This record can be found in the Domain Verification & DNS section of the domain settings page of the Mailgun control panel.

3. If you want Mailgun to track clicks and opens you can also add the CNAME record.

4. MX records should also be added, unless you already have MX records for your domain pointed at another email service provider (e.g. Gmail).

Once you’ve added the records and they’ve propagated, your domain will be verified. Note: it can take 24-48 hours for DNS changes to be verified.

Common DNS Provider Documentation

Common providers are listed below. If yours is not listed, contact your DNS provider for assistance:

Now you’re all set! You can find all other necessary information in our documentation.

Key takeaways about DKIM and its usage

Now that we’ve broken down DKIM into more understandable parts, we can review its most important aspects. DKIM is a useful tool that you can (and should) use to verify when sending email to your mailing list. By “signing” your emails, you signal that your organization is trustworthy.

DKIM offers your recipients protection from fraud, boosts your reputation by showing your security, and ensures that your details are associated with your organization. It’s a small but crucial step—alongside other best practices, like cleaning and validating your email list—that strengthen your email program’s security and integrity, and it can make all the difference in your customer’s confidence and trust. Try it out and add another acronym into your arsenal.

Learn about our Deliverability Services

Deliverability Services

Looking to send a high volume of emails? Our email experts can supercharge your email performance. See how we've helped companies like Lyft, Shopify, Github increase their email delivery rates to an average of 97%.

Related readings

How to conduct a comprehensive email deliverability audit

It usually starts with a sneaking suspicion that something is wrong with email deliverability...

Read more


isfit email series: My email isn’t authentic enough

In my last article, I touched on the basics and background behind the various authentication ...

Read more

Email authentication: Your ID card for sending

As a Technical Account Manager at Mailgun, I’m constantly talking to my customers about various deliverability and good sender best practices ...

Read more

Popular posts

Mailgun iconSee what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending