Table of contents
If you are a business that sends commercial or transactional emails, it’s critical to use both SPF and DKIM. Not only will these protocols protect your business from phishing and spoofing attacks, but SPF and DKIM ultimately help protect your customer relationships and brand reputation. However, these are only just a few of the many steps you can take to ensure business-critical emails reach your customers’ inboxes on time and don’t end up in spam folders.
Note: The problem with DKIM is that because it’s more difficult to implement, fewer senders have adopted it. This inconsistent adoption means that the absence of a DKIM signature does not necessarily indicate the email is fraudulent.
How does DKIM affect email deliverability?
Adding a DKIM signature to your email’s header adds another layer of authenticity to your campaigns. DKIM, along with SPF and DMARC make up the dream team trio of email authentication and security. Together, they work in synergy to prevent email spoofing and make your emails more trustworthy.
How do I create a DKIM record for a domain?
Create a list of all domains and sending services (such as marketing campaign platforms or invoice generators, also referred to as ESPs) that are authorized to send an email on your behalf. Contact them and request DKIM to be configured and that you need a copy of the public key.
Generate the key pairs. Here are a few options:
If your organization has its own email server, it may have native DKIM functionality. Check the available documentation for the public/private key generation and policy record creation (or check in with your IT staff who are responsible for the server).
There are third-party tools available to generate the DKIM record. Note: check with your organization’s security policy prior to utilizing third-party tools.
https://tools.socketlabs.com/dkim/generator
https://www.sparkpost.com/resources/tools/dkim-wizard/To create the keys without a third party, an open-source project called opendkim is available.
DKIM keys also can be generated via openssl.