DKIM is an acronym for “DomainKeys Identified Mail”. It’s also known as “email signing”. DKIM’s intent is to prove that the contents of an email message haven’t been tampered with, that the headers of the message have not changed (e.g., adding in a new “from” address) and that the sender of the email actually owns the domain that has the DKIM record attached to it (or is at least authorized by the owner of the domain to send emails on their behalf.)
As with other spam protections, such as SPF and DMARC, DKIM is a TXT record that’s added to a domain’s DNS. And if SPF is like a return address on a letter, DKIM is like sending that letter via Certified Mail as it further builds trust between the sending server and receiving server.
Setting up email signing and creating the fields necessary to add DKIM to a domain's DNS record is simple within SmarterMail.
- Log in as a Domain Administrator
- Click on the Domain Settings icon
- Navigate to the domain’s General settings
- Find the Email Signing card
- Click on the Settings button
- A modal window opens, like the one below. Here, all of the DKIM settings are displayed. SmarterMail defaults all of these to a set of general recommendations, but they can be adjusted as needed. A full explanation of these fields is available in the SmarterMail Help.
- Make any changes you want and save them. If no changes are made, simply click the Cancel button.
- Next, click the Enable button on the Email Signing card. Another modal window opens, but this one contains the text necessary for adding DKIM to the domain’s DNS. This window contains two important pieces of information: the “Text Record Name” used for the TXT record, and the”Text Record Value”. The “name” also contains the “DKIM selector”, which is the value that precedes “._domainkey.your-domain.com”. For example, “2B8U4DAB93D58YR”. The selector can be used to verify that your DKIM record is set up correctly. The value is also the public key that’s created by the SmarterMail server. Therefore, it’s the encrypted key that pairs to the private key that’s stored on the mail server. This is why it looks like a random series of characters.
- Now that you have the Name and Value for the TXT record, you will want to log in to your DNS provider and create the actual DNS record. How you do this depends on who your provider is. In addition, as this is a change to DNS, it may take a few hours for the record to propagate for the domain. Generally that propagation is pretty fast, but it could take 24 hours or more.
Validating Your DKIM Record
Once you've made the changes to your domain's DNS, it can take a few hours for those changes to take effect. To test whether you're set it up properly, you can do a search for "DKIM record validation" or use a site such as MXToolbox
. MXToolbox makes DKIM validation simple; you just need your domain name and the selector. Enter those into their form, and they'll let you know a) if the record can be found, and b) if it's valid.