DKIM, standing for DomainKeys Identified Mail, is a method where a sender (or forwarder) can take responsibility for the content of an email by digitally signing for the message. A DKIM signature is added to the header of any outbound email message that a sender would like to vouch for. The recipient can then compare this DKIM signature to a publicly available DKIM key that decodes it. If successfully decoded, the message is authenticated as being from that sender. Otherwise, the recipient can choose to run more intense checks on the email, quarantine or discard it.
A receiver using DKIM will be able to reduce inbox delivery of erroneously forwarded or spoofed email received. This greatly reduces the potential for abuse as recipients now have more information on the sender.
Should I setup DKIM?
Absolutely! Both email senders and receivers should be using DKIM on their email systems. While DKIM does not itself filter email, the DKIM signature is important in your overall delivery/rejection process. Regardless of the volumes of outbound email, a sending organization should use a DKIM key to sign for email. This attaches your reputation to the email and makes it easier for customers to trust that email is coming from you. If there isn’t a signature on email that looks like it comes from you, then it could be spoofed. It’s better to stand behind what you send.
Similarly, if you aren’t scanning incoming email for DKIM signatures, you are opening yourself up to potential attacks. At minimum, you are treating all email the same and need to run more checks on incoming email against blacklists, scan for viruses and malware, which can be more taxing than a simple DKIM check.
DKIM works hand-in-hand with SPF and DMarc to help senders and receivers better communicate on the quality of email being sent. Overtime, these technologies will dramatically reduce spam, spoofing and other unsafe mail delivery.
How do I get a DKIM key?
We often refers customers to one of the many services that will generate a key for you. Right now, we recommend letsencrypt.org.
MxToolbox Tools for DKIM
A DKIM sender may have several DKIM records, so MxToolbox DKIM Lookup searches the specific record selector you request (see below). DKIM lookup results are parsed and compared to RFCs to alert you to issues. The example below contains a very simple DKIM record.
As a paid MxToolbox.com user, you get access to our expert Support team. Open a ticket to get access to the best advice on improving your email delivery including setting up SPF and implementing DKIM and Dmarc.