How to setup DKIM

Before we get into how to setup DKIM for your domain, let’s talk a bit about what is DKIM. DKIM, or DomainKeys Identified Mail, is an email authentication protocol that is used for verifying the authenticity of outbound emails. The process involves using a private cryptographic key generated by your mail server which signs each outgoing email message. This ensures your recipients can verify that the emails they receive were sent from your mail server and are not forged. This can improve deliverability and help weed out spam. To place it simply an email from a DKIM enabled mail server contains a digital signature or more correctly, a cryptographic signature, which can be validated by the receiver’s email server.

DKIM was created by combining existing technologies like DomainKeys (from Yahoo) and Identified Internet Mail (from Cisco). It has developed into a widely adopted authentication method, which is known as DKIM and it is also registered as an RFC (Request for Comments) by the IETF (Internet Engineering Task Force). All major ISPs like Google, Microsoft and Yahoo create a digital signature that is embedded in the email header of outgoing emails and validate incoming mail with their own policies.

In the blog we are going to delve into the mechanism used in DKIM to validate your emails and its various advantages, as well as learn about how to setup DKIM for your own domain.

How to Setup DKIM to Protect Your Domain from Spoofing?

The DKIM signature is generated by the MTA and is stored in the list domain. After receiving the email, you can verify the DKIM by using the public key. DKIM as an authentication mechanism that can prove the identity of a message. This signature proves that the message is generated by a legitimate server.

This is especially required since domain spoofing attacks are on the rise in recent times.

What is a DKIM Signature?

In order to use DKIM, you need to decide what should be included in the signature. Typically this is the body of the email and some default headers. You can’t change these elements once they’re set, so choose them carefully. Once you have decided what parts of the email will be included in the DKIM signature, these elements must remain unchanged to maintain a valid DKIM signature.

Not to be confused with DKIM selector, DKIM signature is nothing more than a consortium of arbitrary string values also known as “hash values”. When your domain is configured with DKIM, your sending email server encrypts this value with a private key that only you have access to. This signature ensures that the email you send has not been altered or tampered after it was sent. To validate the DKIM signature, the email receiver will run a DNS query to search for the public key. The public key will have been provided by the organization that owns the domain. If they match, your email is classified as authentic.

How to Setup DKIM in 3 Easy Steps?

In order to implement DKIM easily with PowerDMARC all you need to do is generate your DKIM record using our free DKIM record generator. Your DKIM record is a DNS TXT record that is published in your domain’s DNS. Next you can conduct a free DKIM lookup, using our DKIM record lookup tool. This free tool provides a one-click DKIM check, ensuring that your DKIM record is error-free and valid. However, in order to generate the record, you need to first identify your DKIM selector.

How Do I Identify My DKIM Selector?

A common question often raised by domain owners is how do I find my DKIM? In order to find your DKIM selector, all you need to do is:

1) Send a test mail to your gmail account 

2) Click on the 3 dots next to the email in your gmail inbox

3) Select “show original” 

4) On the “Original Message” page navigate to the bottom of the page to the DKIM signature section and try to locate the “s=” tag, the value of this tag is your DKIM selector. 

DMARC and DKIM

A common question that you may often find yourself asking is whether implementing DKIM is enough? The answer is no. While DKIM helps you encrypt your email messages with a cryptographic signature in order to validate the legitimacy of your senders, it doesn’t provide a way for email receiver’s to respond to messages that fail DKIM. This is where DMARC steps in!

Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol that helps domain owners take action against messages that fail SPF/DKIM authentication. This in turn minimizes chances of domain spoofing attacks and BEC. DMARC along with SPF and DKIM can improve email deliverability by 10% over time and boost your domain reputation.

Sign up with PowerDMARC today to avail of your free DMARC analyzer trial today!