DKIM Configuration to Improve Email Delivery

DKIM Configuration to Improve Email Delivery
Published in : 19 Dec 2023

DKIM Configuration to Improve Email Delivery

Every mail server prevents emails from being sent by fraudulent sources. DomainKeys Identified Mail (DKIM) is a technique used to authenticate the sender's identity through digital signatures and is one of the approaches employed for this purpose.

Understanding DKIM

DKIM operates through the interaction of mail servers belonging to the sender and recipient without impacting the end user's experience.

This indicates that the sending email server attaches a digital signature to its outgoing emails, which is then authenticated by the receiving server. The receiving server accomplishes this by obtaining the public key associated with the sender's email server's signature. In certain instances, discrepancies between the public key and the digital signature may be attributed to various factors.

  1. The email did not originate from the specified mail server in the email header but instead from an unidentified deceptive server.
  2. The email underwent alterations during its journey from the genuine mail server to the recipient. This means that a hacker could intercept the email, make changes to it, and then forward it to the recipient.

Exploring the Mechanism of DKIM

Exploring DKIM involves examining its fundamental concept and its various components. Here, we have outlined the primary elements of DKIM records for better comprehension.


The email's content generates a character string known as the hash value using a specific algorithm. This value is then included in the email header. If the recipient finds that the hash value doesn't match, they can be confident that the email has been altered.

Power of Asymmetric Encryption

To verify the authenticity of the hash value's sender, the recipient must utilize a digital signature. Sender authentication is achieved through asymmetric encryption, which relies on a unique key pair: any data encrypted with key A can only be decrypted using essential B. The private key is kept confidential. In contrast, the public key is made available to others.

The procedure is as follows:

  1. The sender uses the private key to encrypt the hash value that has been calculated.
  2. The digital signature is created by adding the encrypted hash value to the email header.
  3. The receiver obtains the sender's public key from the domain name server and uses it to decrypt the signature.
  4. Afterward, the receiver re-evaluates the decrypted hash value. The email is considered secure if the recalculated hash value corresponds to the decoded hash value.

TXT Records on Name Servers

The sender's public key must be made available to recipient mail servers by adding it as a TXT record in the domain's DNS zone.

The DKIM record, therefore, contains the following elements:

  1. Frequently, the version is encoded as v DKIM1.
  2. The encryption method always uses RSA (k=RSA).
  3. 3. A lengthy sequence of characters represents the public key (p=).
  4. The selector choice depends on the supplier and can include options such as default. domainkey or k1.domainkey.

Typically, the DKIM record is only accessible within the email header. To locate it, both the domain name and selector are required, a process that often involves considerable research and is generally not widely known.

DKIM Record: A Step-by-Step Guide

To set up a DKIM record for your emails, you must create a key pair and save it in the appropriate location on your server. You can generate the required keys and entries independently if you manage your mail server. Alternatively, many email service providers offer assistance with this process.

Securing Your Email with DKIM Keys

The method for setting up DKIM varies depending on your email service provider, as not all providers support DKIM similarly. Some providers restrict DKIM to businesses, while others have specific essential length requirements. Generally, you can request DKIM keys through your email provider's settings or admin console. You can always contact customer support for assistance if you need more clarification.

Securing Your Email with DKIM Keys

Generating DKIM Keys Manually

If you want to produce a DKIM record, you can manually create the required key pair. There are multiple free tools accessible on the web for this task, such as EasyDMARC's DKIM Record Generator. Input a selector (e.g., k1) and your preferred domain, then select the desired key length.

The generator creates both a private key and a public key. The private key must be kept on the mail server, while the public key should be added to the DKIM record.

Adding a DKIM Entry to Enhance Email Security

Once you've generated your two DKIM keys, placing each one in its designated location is essential. The private key should be securely stored on the mail server, while a corresponding DNS entry for your domain will accommodate the public key. The private key is typically correctly situated if your email provider generates the key pair.

To make your public key available, you must officially associate it with your domain by creating a TXT-DNS record. Follow these steps to complete the process:

  1. Access the domain management section by signing in.
  2. Access DNS records.
  3. Generate a fresh TXT DNS entry.
  4. Please enter your DKIM hostname into the designated Hostname field. The hostname should include the selector and the domain, formatted as follows: Instead of choosing, please input the appropriate values.
  5. Put the public key into the value field.
  6. After saving the new entry, please allow 2-3 days for the DNS to process your changes.

Verifying Your DKIM Record

One way to determine if the DKIM record is publicly available is by using a DKIM checker tool, such as EasyDMARC's DKIM Record Lookup.

A straightforward method is to email your address and examine the header. Within it, you'll discover the DKIM Signature entry.

The DKIM signature is visible in the email header.


DKIM (DomainKeys Identified Mail) is vital for email security as it verifies the identity of email senders through digital signatures. This entails generating a distinct signature for outgoing emails, which the recipient's server authenticates using a public key linked to the sender.

The blog provides a comprehensive overview of DKIM, delving into its core principles and illustrating how it functions seamlessly between mail servers while preserving the end user's experience. It emphasizes the importance of hashing in identifying any changes in email content and highlights the effectiveness of asymmetric encryption in verifying the sender's identity.

The post explains how to set up DKIM by adding TXT records to name servers and creating a DKIM record. It highlights the importance of using DKIM to secure emails and explains how the setup process varies depending on the email service provider.

The blog shows how to make DKIM keys and add a DKIM entry for better email security. It explains the importance of connecting public keys with domains using DNS records and gives clear instructions for the whole process.

In conclusion, the blog reminds you to check the DKIM record using tools like DKIM checkers. It also suggests looking at the email header for the DKIM signature as a simple way to verify. The blog gives a complete guide to understanding, using, and checking DKIM for better email security.


FAQs about DKIM (DomainKeys Identified Mail)

Q1: What is DKIM, and why is it important for email security?

A1: DKIM, known as DomainKeys Identified Mail, confirms the identity of email senders through digital signatures. It is essential for email security because it stops fake emails by checking if the sender is genuine.

Q2: How does DKIM work between mail servers?

A2: DKIM works smoothly between mail servers without impacting the user's experience. When an email is sent, the sending server adds a digital signature. The receiving server then verifies the signature using the sender's email server's public key.

Q3: What role does hashing play in DKIM?

A3: Hashing is when an algorithm creates a hash value from the email's content. This hash value is put in the email header so the recipient can see if the email has been changed.

Q4: How does asymmetric encryption contribute to DKIM?

A4: Asymmetric encryption is essential for verifying the sender in DKIM. It uses a unique key pair. Data encrypted with one key (private key) can only be decrypted with the other key (public key). This process confirms the sender's digital signature is authentic.

Q5: What are the components of a DKIM record?

A5: A DKIM record has a version (v DKIM1), an encryption method (k=RSA), a long sequence for the public key (p=), and a selector based on the supplier (e.g., default. domainkey).

Q6: How can I set up a DKIM record for my emails?

A6: To set up a DKIM record, create a key pair and save it in the right place on your server. You can generate keys and entries independently if you manage your mail server or get help from your email service provider.

Q7: Can I generate DKIM keys manually?

A7: You can create DKIM keys using online tools like EasyDMARC's DKIM Record Generator. Enter a selector or domain, and choose the key length you want.

Q8: How do I verify my DKIM record's availability?

A8: You can check DKIM records using tools like EasyDMARC's DKIM Record Lookup. Also, you can verify the DKIM record's presence by looking at the email header for the DKIM signature.