May 18, 2020
DKIM Record: A Beginner’s Guide
Having troubles with your email marketing campaign? Spent time and money only to find out your emails land in spam folders? If you answer “yes” to these questions, then you definitely need DKIM record to improve your deliverability. In this article, you’ll learn what it is and how to use it.
What Is DKIM Record?
DKIM record or DomainKeys Identified Mail is a form of email authentication method that adds digital cryptographic signatures to email messages.
It ensures that the email comes from a trusted source and hasn’t been changed or forged in transit between the sending and receiving servers.
When you send an email, a private/public key pair will be generated.
The private key is used to sign the email, while the public key is published to your domain’s DNS using TXT records — a type of DNS entry that contains information for sources outside of your domain.
In this case, the record is used by the recipient’s servers to validate your emails (we’ll talk more about it later).
Is It Important?
The short answer, yes.
The core of the emailing system wasn’t built with any security protocols. So, it is very easy to send emails that appear from legitimate sources (email spoofing).
In a spoofed email, the address displayed to the recipient is different from the actual address. For instance, the recipient sees that the sender is email@example.com, but it’s actually from firstname.lastname@example.org.
As the recipient won’t know the actual sender of the email, this technique is often used in phishing and spam attacks
So by using DKIM, the receiving mail server (ISP) can verify that the incoming mail message that claimed to be from a specific domain is indeed from there. It will be hard for scammers to phish on behalf of your brand.
Having authenticated emails also help to build your domain’s reputation among ISPs and mail servers. Domains with authenticated emails will have higher score reputation, which, in return, will prevent your emails from going to spam folders.
How Does It Work?
DKIM record takes place in two servers — sending and receiving servers.
In the sending server, the body and the header of an outbound email will be turned into a hash (a string of unique text, also known as a cryptograph). The private key is then used to encrypt and sign the hash.
The receiving server notices that the incoming mail has a DKIM signature. To validate it, the receiving server retrieves the public key from the sending domain’s TXT/DKIM record to decrypt the signature back into its original hash.
Having the decrypted hash in hand, the next task for the recipient’s server is to generate its own hash from the email’s header and body.
If the decrypted hash matches with the recently generated hash, it means the email is genuine and hasn’t been tampered with.
How Can You Implement It?
Implementing a DKIM record to your email could be different depending on your email services. However, in general, the steps are as follow:
1. Create Your Own Selector
A domain can have multiple public keys if it has more than one mail server (each mail server has its own private key that only matches with one public key). A selector is an attribute within a DKIM signature that helps the recipient’s server to find the right public key from the sender’s DNS.
2. Generate a Private-Public Key
3. Adding DKIM Record to Your Domain
After obtaining the public key, you need to paste it into the right place of your DNS records. To do so, the steps may differ depending on your hosting provider.
If you’re using Hostinger, login to your dashboard and pick the desired domain. Head over to DNS Zone Editor and fill out the TXT (text) record using this format:
For other hosting services, try to contact your hosting provider as every DNS editor is different.
Email spoofing is a common issue. In order to counter it, mail providers need some kind of method to ensure that incoming emails are from legitimate sources.
One of email authentication methods is a DKIM record.
We strongly recommend using it to authenticate emails from their domain.
It will help your domain get marked as trusted, and your emails will actually reach the client’s inbox.
So even if it might sound complicated at first, it’ll be definitely worth it in the long run!