Email Authentication Methods Part 1: What Is DKIM?

Email Authentication Methods Part 1: What Is DKIM?

The world of email can be perilous, with the ever-present risk of spammers targeting inboxes, and fraudsters inundating targets with phishing emails. It sometimes seems the world is in an ongoing attempt to get your clicks or to get their hands on your private credentials, including credit card information.

There’s no such thing as being too cautious when it comes to protecting your email. For this reason, email filters are progressively improving their methods for detecting fraudulent and suspicious emails. So much so, that legitimate emails may accidentally be flagged as spam.

If you send email as part of your marketing and customer communication efforts, you know that every time an email finds itself in the spam folder of a recipient, your ROI (return on investment) from email marketing deteriorates.

To differentiate your email from malicious spam/phishing attempts, you must take proper email authentication steps. 

"What exactly is email authentication?" you ask.

To put it plainly, email authentication is a set of security systems used to validate an email’s authenticity, ensuring that the email message came from the claimed sender and wasn’t forged somewhere along its journey to the coveted inbox.

This system is composed of three main email authentication protocols: SPF, DKIM, and DMARC. In this post, we'll be focusing on the DKIM protocol, which uses a system of DKIM signature authentication to verify mail. In our next posts, we'll discuss SPF and DMARC.

What is DKIM?

DKIM (DomainKeys Identified Mail) is an email security protocol that allows email users to verify a domain name identity that is affiliated with a message using cryptographic authentication, also known as a DKIM signature.

The purpose of this technique is to ensure that messages are not modified during transit, cross-checking the body and headers of the message, detecting fraudulence, and ensuring that they weren’t sent with spoofed headers.

While SPF protects against email spoofing and unauthorized senders, DKIM adds an additional layer of security by confirming the integrity and origin of the message itself. Together, SPF and DKIM complement each other to enhance email deliverability and protect against different types of email-based threats.

For a quick look at the relationship between DKIM, SPF, and DMARC, watch the PowerDMARC video, below.

Spend more time relaxing 🍺
...and less time battling complicated email marketing services, with Mailer To Go’s full-featured cloud email solution.

How does DKIM work?

DKIM is based on public key cryptography in the form of a DKIM signature to verify that an email message was sent from an authorized mail server. 

When implementing DKIM signatures, the first step is to publish cryptographic public keys as TXT DNS records in your domain.

Then, when you send an email, the mail server you send the message through will add a digital signature (the DKIM signature) to your message, in the email header. This DKIM Signature contains tagged information, including information about the signing domain.

The recipient server can then confirm your email’s authenticity by seeking out a sender’s DKIM key in conjunction with the DKIM signature signing domain name from the sending domain’s DNS records, and ultimately using it to verify the encrypted DKIM signature and the credibility of the domain owner.

What is a DKIM record?

A DKIM record serves as a crucial component in email authentication, ensuring the integrity and authenticity of messages sent over the internet. It is essentially a specially formatted DNS TXT record that contains essential information for verifying the signature of an email.

The construction of a DKIM record involves several key elements. 

First, it includes a name that uniquely identifies the record within the domain's DNS settings. Additionally, the record contains a version indicator, specifying the version of the DKIM protocol being used. This allows for compatibility and proper interpretation of the record's contents.

email authentication lock

One of the essential components of a DKIM record is the key type, which specifies the cryptographic algorithm used to generate the digital signatures. 

Common key types include RSA and Diffie-Hellman. The public key, a crucial piece of the record, is the component used by the receiving mail server to verify the authenticity of the message's signature.

To simplify the process for email senders, DKIM records are typically provided by the email service provider, like Mailer To Go, or the domain registrar responsible for transmitting the emails on behalf of the domain. 

These records are made available in the domain's DNS settings, where administrators can easily add or update them.

By implementing DKIM records, organizations and individuals can enhance the trustworthiness of their email communications. This technology plays a vital role in mitigating email forgery and ensuring that messages reach their intended recipients without being tampered with or modified during transit.

Need a DKIM-capable email service?📨🤔
Send verified email from inside your apps with Mailer To Go’s secure, reliable add-on service.

How do I create a DKIM record?

To create a DKIM record, you can follow these steps:

  1. Determine the email service provider or domain registrar responsible for your domain's email transmission, in your case, it should be Mailer To Go.

  2. Access the DNS management settings for your domain.

  3. Locate the option to add or edit DNS records.

  4. Choose the option to add a new DNS record and select the record type as TXT.

  5. Specify the name for the DKIM record, which is usually a combination of "selector._domainkey" (e.g., "selector1._domainkey").

  6. Generate a public-private key pair using a DKIM key generation tool or your email service provider's provided tools.

  7. Copy the public key generated and paste it into the content field of the TXT record.

  8. Save the DNS record to publish it.

  9. Verify the DKIM record's propagation by using online DNS lookup tools or waiting for the changes to take effect globally (which may take some time).

  10. Once the DKIM record is propagated, the receiving mail servers will use it to authenticate your email messages' signatures.

Remember, the specific steps may vary depending on your domain registrar or email service provider's interface, so it's always a good idea to consult their documentation or support resources for precise instructions.

Why is DKIM important?

If you work in a business that sends transactional or commercial emails, DKIM signatures are important to you because they play a key role in proving email authenticity and establishing the credibility of yourself as the domain owner.

As mentioned at the beginning of this post, email deliverability has a crucial role in email marketing ROI, and implementing the standard of DKIM signatures will help increase email deliverability, improving your sender reputation in the process.

DKIM authentication isn’t your silver bullet to all deliverability issues, however. 

We recommend implementing other means of email authentication, in addition to DKIM authentication, to create a more complete email authentication policy and to adhere to anti-spam guidelines.

These steps are meant to increase the probability of your email reaching its intended recipient.

email authentication

In Conclusion

In conclusion, DKIM (DomainKeys Identified Mail) is a vital technology for ensuring the authenticity and integrity of email messages.

By using a specially formatted DNS TXT record, DKIM enables the receiving mail server to verify the digital signature of an email, thus confirming its legitimacy. 

This authentication process helps combat email forgery, reduces the risk of spam and phishing attacks, and enhances the overall trustworthiness of email communications.

Creating a DKIM record involves adding the necessary information, such as the public key, to the DNS settings of your domain. While the exact steps may vary depending on your email service provider or domain registrar, following the general guidelines mentioned earlier can help you establish a DKIM record effectively.

By implementing DKIM, you can contribute to a safer and more secure email ecosystem. With the increasing prevalence of malicious email activities, DKIM serves as a valuable tool in mitigating risks, protecting recipients from fraudulent messages, and maintaining the integrity of email communication.

As email continues to be a fundamental mode of digital communication, adopting a secure, DKIM-enabled email service like Mailer To Go is a proactive step towards ensuring trustworthy and reliable email exchanges in today's interconnected world.

email verification lock

Does Mailer To Go support DKIM?

Yes. Mailer To Go implements DomainKeys Identified Mail as the standard for email authentication. In fact, Mailer To Go requires all of our users to use DKIM authentication! 

DomainKeys Identified Mail DKIM is not only a means to sign your email messages but also a good way to ensure that you own the domain that you’re trying to send email from.

About Mailer To Go! 📬
Mailer To Go lets you send emails from inside your applications using your own email addresses and domains.

Read more about email authentication methods

Frequently asked questions

What is DKIM?

DKIM (DomainKeys Identified Mail) is an email authentication method that helps verify the authenticity and integrity of email messages. It uses cryptographic digital signatures (called DKIM signatures) to ensure that emails are not tampered with during transit and that they actually originate from the stated domain.

By adding a specially formatted DNS TXT record to the domain's DNS settings, DKIM enables receiving mail servers to validate the sender's identity and detect any potential email spoofing or modification. This DKIM signature technology plays a crucial role in reducing spam, preventing phishing attacks, and enhancing overall email security.

What is the difference between SPF and DKIM?

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are both email authentication methods, but they serve different purposes. 

SPF verifies the sender's IP address by comparing it with a list of authorized sending IP addresses published in the domain's DNS records. On the other hand, DKIM focuses on verifying the authenticity and integrity of the email itself. It uses cryptographic digital signatures and DKIM records to ensure that the email has not been modified in transit and that it actually originates from the stated domain. 

While SPF protects against email spoofing and unauthorized senders, DKIM adds an additional layer of security by confirming the integrity and origin of the message itself. Together, SPF and DKIM complement each other to enhance email deliverability and protect against different types of email-based threats.

Boost Your Email ROI with Mailer To Go

Ready to boost email deliverability and clickthrough rates?

Start for free