DKIM : how to authenticate your domain

Authenticating your sending domain is a necessity to maintain your reputation and deliverability. Indeed, many things can jeopardize the security of your domain name and seriously harm your deliverability, for example, phishing (or spoofing), which is sending a message by impersonating a third party with the aim of stealing personal information. 

Fortunately there are solutions to avoid these problems and ensure your messages reach your recipients, rather than ending up in spam. DomainKeys Identified Mail, or DKIM, authenticates emails, adding a digital signature to outgoing messages. Other methods for email authentication to avoid phishing/spoofing are SPF, or DMARC. Read our article dedicated to this subject to learn more.

To learn more about email authentication, what DKIM is, and how to use it to secure your emails, gain the trust of your recipients, and improve your email deliverability, read this article and check out the advice of our MailSoar experts.

DKIM, definition

DKIM authenticates the sending domain and guarantees the integrity of the sent message. DKIM creates a link between your email address and your domain name with an electronic signature, encrypted with a hash value that is like a fingerprint. This hash value can be decrypted by the recipient to verify the conformity of the email with the sending domain.

DKIM, why is it important?

Authenticated mail will gain the trust of your recipients. It also facilitates identification by ISPs, which will have a positive impact on your deliverability. Your email will be secure and correctly identified, so there is little chance of it being spammed or reported as spam by users. 

Authenticated mail also helps prevent phishing. Nearly 3.4 billion phishing emails are sent every day and 22% of reported data breaches start with a phishing email.

How does DKIM work?

DKIM is integrated into the header of your email. It is not visible and the embedded code is recognized by email services. The electronic signature is automatically generated from a private key associated with your sending server. This private key is generated from a public key integrated in the TXT record of your domain. This allows a verification of the authenticity of the email sent.

How DKIM works

We will now see how to set up DKIM to secure the send of your emails.

Our MailSoar experts can assist you with the configuration of DKIM to authenticate your sending domain.

How to configure DKIM on your sending domain

It is important to note that setting up DKIM requires some technical knowledge. Our MailSoar experts can assist you in the implementation of DKIM, so do not hesitate to contact us.

These are the steps to set up a DKIM signature:

infrastructure setup

1. Generate a private and public key pair

The tools to create this pair depend on the operating system you are using. 

If you are a Mac or Linux user, you can use SSH-Keygen. Windows users can use PUTTYGen which is an excellent tool for creating secure key pairs. 

2. Integrate the public key in your DNS server

Once you have created your private-public key pair, you must now integrate it into your DNS settings in a TXT format.  This step varies depending on the DNS server you are using.

3. Activate DKIM authentication with Google

To enable DKIM signing on your domain with Google follow these steps:

    1. Sign in with an administrator account
    2. Once you’re signed in, go to the Gmail application.
    3. Click Authenticate Email.
    4. From the Selected Domain menu, choose the domain for which you want to enable DKIM. 
    5. Click the Start Authentication button. When DKIM setup is complete and working, the status at the top of the page will show Email Authentication Enabled.

If you use another email service, or if you need help authenticating your sending domain with DKIM to optimize your deliverability, our MailSoar experts are here to help you.

4. Check the DKIM signature is enabled

You can now check if the DKIM authentication has worked. To do this, simply send an email to a Gmail or Google Workspace user. Open it in the recipient’s inbox, and view the email header. If the header contains a line like “DKIM=OK” or “DKIM=pass”, the registration has worked.


By following these steps, your domain will now be properly authenticated. This will protect you from certain fraudulent practices, while gaining the trust of your recipients.

MailSoar is a deliverability agency who can help your deliverability grow, and thereby help your business grow.

Whether you’re an experienced email-sender looking to perfect the delivery of your infrastructure or that a big part of your business ROI is tied to email landing at the right place, our team of experts is used to manage the ongoing deliverability of massive senders from all industries.

Contact MailSoar to configure DKIM to authenticate and secure your sending domain to obtain optimal deliverability.

If you want to learn more about securing your sending domain, check out our dedicated article.

Share This Post

More To Explore

Phishing: recognizing and protecting against it

Phishing is a technique used by cybercriminals to try to steal your personal information. This type of attack can come in many different forms, but often takes the form of an email. Learn how to protect from them

Do you want to grow your business with emailing?

we can do it together

Book a meeting now