DKIM, standing for DomainKeys Identified Mail, is a method where a sender (or forwarder) can take responsibility for the content of an email by digitally signing for the message. A DKIM signature is added to the header of any outbound email message that a sender would like to vouch for. The recipient can then compare this DKIM signature to a publicly available DKIM key that decodes it. If successfully decoded, the message is authenticated as being from that sender. Otherwise, the recipient can choose to run more intense checks on the email, quarantine or discard it.
A receiver using DKIM will be able to reduce inbox delivery of erroneously forwarded or spoofed email received. This greatly reduces the potential for abuse as recipients now have more information on the sender.
Should I setup DKIM?
Absolutely! Both email senders and receivers should be using DKIM on their email systems. While DKIM does not itself filter email, the DKIM signature is important in your overall delivery/rejection process. Regardless of the volumes of outbound email, a sending organization should use a DKIM key to sign for email. This attaches your reputation to the email and makes it easier for customers to trust that email is coming from you. If there isn’t a signature on email that looks like it comes from you, then it could be spoofed. It’s better to stand behind what you send.
Similarly, if you aren’t scanning incoming email for DKIM signatures, you are opening yourself up to potential attacks. At minimum, you are treating all email the same and need to run more checks on incoming email against blacklists, scan for viruses and malware, which can be more taxing than a simple DKIM check.
DKIM works hand-in-hand with SPF and DMarc to help senders and receivers better communicate on the quality of email being sent. Overtime, these technologies will dramatically reduce spam, spoofing and other unsafe mail delivery.
How do I get a DKIM key?
We often refers customers to one of the many services that will generate a key for you. Right now, we recommend talking with your email provider.
MxToolbox Tools for DKIM
A DKIM sender may have several DKIM records, so MxToolbox DKIM Lookup searches the specific record selector you request (see below). DKIM lookup results are parsed and compared to RFCs to alert you to issues. The example below contains a very simple DKIM record.
We know that implementing DKIM, SPF and DMARC can often be a challenging but necessary part of improving email delivery. That’s why we provide an unparalleled Managed Services option. MxToolbox Delivery Center Managed Services will implement SPF, DKIM and DMARC on your behalf, monitor you DMARC reports and tweak your configuration as necessary to maintain peak performance of your email.