Summary
Authenticating your sending domain is a necessity to maintain your reputation and deliverability. Indeed, many things can jeopardize the security of your domain name and seriously harm your deliverability, for example, phishing (or spoofing), which is sending a message by impersonating a third party with the aim of stealing personal information.
Fortunately there are solutions to avoid these problems and ensure your messages reach your recipients, rather than ending up in spam. DomainKeys Identified Mail, or DKIM, authenticates emails, adding a digital signature to outgoing messages. Other methods for email authentication to avoid phishing/spoofing are SPF, or DMARC. Read our article dedicated to this subject to learn more.
To learn more about email authentication, what DKIM is, and how to use it to secure your emails, gain the trust of your recipients, and improve your email deliverability, read this article and check out the advice of our MailSoar experts.
DKIM, definition
DKIM authenticates the sending domain and guarantees the integrity of the sent message. DKIM creates a link between your email address and your domain name with an electronic signature, encrypted with a hash value that is like a fingerprint. This hash value can be decrypted by the recipient to verify the conformity of the email with the sending domain.
DKIM, why is it important?
Authenticated mail will gain the trust of your recipients. It also facilitates identification by ISPs, which will have a positive impact on your deliverability. Your email will be secure and correctly identified, so there is little chance of it being spammed or reported as spam by users.
Authenticated mail also helps prevent phishing. Nearly 3.4 billion phishing emails are sent every day and 22% of reported data breaches start with a phishing email.
How does DKIM work?
DKIM is integrated into the header of your email. It is not visible and the embedded code is recognized by email services. The electronic signature is automatically generated from a private key associated with your sending server. This private key is generated from a public key integrated in the TXT record of your domain. This allows a verification of the authenticity of the email sent.
- The email sent from your sending server will be associated with an encrypted electronic signature.
- The receiving server will then check if the public key, contained in the DNS of your domain, corresponds to the electronic signature of your email.
- If the signature matches, your email will be correctly identified and delivered to the recipient. If not, your email will be blocked or land in spam.
We will now see how to set up DKIM to secure the send of your emails.
Our MailSoar experts can assist you with the configuration of DKIM to authenticate your sending domain.
How to configure DKIM on your sending domain
It is important to note that setting up DKIM requires some technical knowledge. Our MailSoar experts can assist you in the implementation of DKIM, so do not hesitate to contact us.
These are the steps to set up a DKIM signature:
1. Generate a private and public key pair
The tools to create this pair depend on the operating system you are using.
If you are a Mac or Linux user, you can use SSH-Keygen. Windows users can use PUTTYGen which is an excellent tool for creating secure key pairs.
2. Integrate the public key in your DNS server
Once you have created your private-public key pair, you must now integrate it into your DNS settings in a TXT format. This step varies depending on the DNS server you are using.
3. Activate DKIM authentication with Google
To enable DKIM signing on your domain with Google follow these steps:
- Sign in with an administrator account
- Once you’re signed in, go to the Gmail application.
- Click Authenticate Email.
- From the Selected Domain menu, choose the domain for which you want to enable DKIM.
- Click the Start Authentication button. When DKIM setup is complete and working, the status at the top of the page will show Email Authentication Enabled.
If you use another email service, or if you need help authenticating your sending domain with DKIM to optimize your deliverability, our MailSoar experts are here to help you.
4. Check the DKIM signature is enabled
You can now check if the DKIM authentication has worked. To do this, simply send an email to a Gmail or Google Workspace user. Open it in the recipient’s inbox, and view the email header. If the header contains a line like “DKIM=OK” or “DKIM=pass”, the registration has worked.
By following these steps, your domain will now be properly authenticated. This will protect you from certain fraudulent practices, while gaining the trust of your recipients.
