A DKIM setup (DomainKeys Identified Mail) is a standard that allows you to verify that the email you’re sending actually came from your domain. It’s kind of like a digital signature that proves you wrote the email.

You can use a DKIM setup to make sure your email doesn’t get filtered by spam filters or blocked by spam blockers, which means it’ll make it through without being rejected. It also ensures that your emails don’t get blocked by anti-spam services, like those found on Gmail, Outlook, and Yahoo! Mail. This way you can send legitimate emails from any email address and not worry about whether or not it’s going to get caught in the spam filter.

What is a DKIM setup?

A DKIM setup is a digital signature method that’s used to verify that the message you’re sending is really coming from whoever you think it is. That way, it’s much harder for someone to spoof a message and pretend they’re sending it from someone else without your knowledge.

It works by creating an encrypted hash of the original text of the email and then sending it through multiple machines before encrypting it again. The encrypted version is then sent back to the original sender for verification.

There are two main parts to the verification process: verifying that an email has been signed properly and verifying that the signatures themselves are valid.

How does a DKIM setup work? 

A DKIM setup is a way to ensure that your email is not being altered in transit from your server to the recipient’s server. It uses public-key cryptography, which means it uses a private key (which only you know) and a public key (which can be shared openly).

When you send an email, your mail server will encrypt the message using the recipient’s public key. This process is called “authentication.” At the same time, when the recipient’s mail server receives the message, it will decrypt it using its own private key. This process is called “decryption.” If they match up exactly—if they both have their own private keys and their own public keys—then they can be assured that no one has tampered with their email during transit.

This system makes DKIM possible because if someone tries to intercept your email before it reaches its destination (like an ISP or phishing attack), they will not be able to decrypt it because they don’t have access to your private key; instead, they’ll only see garbage data if they try

If you’re just getting started with your DKIM setup, we recommend using our PowerDMARC, which offers an easy-to-use interface and support from experts on everything from setting up the protocol to troubleshooting if things don’t go smoothly. If you’re more comfortable with advanced features like rate limits and email authentication best practices, sign up today to take a free email authentication trial.

How to orchestrate your DKIM setup to maximize protection? 

  • Combine it with SPF and DMARC

If you wish to take your DKIM setup to the next level, consider pairing it up with SPF and DMARC. While SPF helps verify your sending sources, DMARC allows you to specify to receiving servers how to handle bad email as well as monitor your email channels from time to time. Together, the three protocols work in unison to provide compliance with your emails. 

  • Set up multiple DKIM records for your domain

Setting up more than one DKIM record is actually a good thing as it helps you shuffle between your keys to enable manual DKIM key rotation. This ensures that when one key is rendered obsolete, another can be configured and used. 

  • Use 2048 bits DKIM selectors 

While the standard is 1024 bits, using a longer selector will actually make your DKIM setup stronger and help you better protect your emails against alterations in transit. 

  • Don’t settle for a manual setup 

DKIM is free to use. It is an open-source authentication protocol that you can get started with by simply generating a TXT (or CNAME) record using our free DKIM record generator tool. Just enter the desired selector (e.g. s1) and your domain name (e.g. and hit the generate button. Follow on-screen instructions to publish the correct public key on your DNS and you’re done! This manual DKIM setup will be functional as soon as your DNS processes the changes. 

However, manual setups are prone to human error, require maintenance and monitoring and no one has time for that. This is why opting for an automated authentication experience with our DMARC analyzer is a confirmed way to ensure you’re availing of only the best when it comes to your email’s security. Get started today!