Top.Mail.Ru
DKIM — Postmypost
Log in
Sign up
RU EN
Log in Sign up
Glossary – DKIM

DKIM

Nikiforov Alexander
Friend of clients
Back

Contents

What is DKIM?

DKIM (DomainKeys Identified Mail) is a technology designed to authenticate emails, helping to identify fake messages. The main task of DKIM is to add a digital signature to the email, allowing email providers such as Mail.ru and Gmail to verify that the message was indeed sent from the specified domain. The DKIM signature is represented as a TXT record added to your website's DNS zone settings. An example of a record looks like this:

us._domainkey  TXT  v=DKIM1; k=rsa; p=XXXXXXXXXXXXXXXXXXXXX

Each part of this record plays an important role: v indicates the version of DKIM (always v=DKIM1), k defines the type of key (always k=rsa), and p represents a unique code generated by the mailing service.

Why is DKIM signature needed?

The DKIM signature performs several key functions:

  • Protection against fraud: DKIM prevents spammers from sending emails on your behalf. When combined with SPF and DMARC, this technology protects your subscribers from fraudulent activities, including identity theft.
  • Increased deliverability: DKIM improves your domain's reputation. Receiving servers use DKIM to determine the authenticity of the sender and their overall rating. Emails with a good reputation have a much higher chance of landing in the "Inbox".
  • Access to postmasters: Postmasters are analytical services of mail services that help track delivery, opens, unsubscribes, and spam complaints. Setting up email authentication, including DKIM, is necessary to connect statistics in the postmaster.

How does DKIM work?

The principle of DKIM is that each email contains encrypted data about who and when it was sent. When an email is received, the email provider (for example, Gmail or Mail.ru) extracts this data and decrypts it using the public key located on the sender's domain. If the data matches, it confirms that the sender is legitimate, and the email can be allowed into the "Inbox". Otherwise, it is sent to "Spam".

How to set up DKIM signature?

To set up a DKIM signature, you will need access to your website's DNS zone and corporate email. Usually, SPF and DKIM records are generated in mailing services and added through the personal account on the hosting. For example, in Unisender, you can create DKIM in the "Account Settings" section under the "Domain Authentication" tab. To do this, click the "Add" button, enter your domain, and click "Get settings". Note that confirming the DKIM record may take from an hour to several days.

Starting in 2024, major email providers have tightened requirements for the presence of DKIM records in emails. The absence of such a record may lead to the blocking of mass mailings via ESP. Therefore, it is important to correctly set up DKIM to avoid deliverability issues.

Checking DKIM signature

After setting up the DKIM signature, it is necessary to check its functionality. This can be done using your mailing service or a third-party service such as Mailtester. Let's see how to check DKIM in Unisender:

  • After setting the data on the hosting, go to the "Account Settings" → "Domain Authentication" section.
  • Check the status next to the required domain — it should change to "Enable". This usually takes from 30 minutes to several hours.
  • To manually refresh the check, click on the two arrows next to the status.

With Mailtester.com, you can test an email, including checking the DKIM signature. First, the service will prompt you to send a test email to the specified address, then you will receive a full report on deliverability and email authentication settings check. A high rating of the email indicates a greater likelihood of landing in the "Inbox", while a low rating signals the possibility of landing in "Spam".