Understanding DKIM: How to Improve Deliverability?

What is DKIM?

DKIM (DomainKeys Identified Mail) is a cryptographic signing technology established by Cisco and Yahoo, and one of the methods email service providers use to authenticate a sender’s identity. Senders use it to “sign” their emails. DKIM enables ISPs to verify that a message is authorized and sent by the sender responsible for the domain. When an email is not signed with DKIM, ISPs like Gmail and Microsoft can block it and prevent it from reaching the recipients.

 

How does DKIM work?

DKIM is a relatively simple form of email authentication as its sole purpose is to verify the responsibility of the sender for the domain and email content.

The two steps involved in DKIM are as follows:

  1. Senders use a private key on their email server to sign the message, adding a digital DKIM signature to each email.
  2. The receiving server retrieves the public key stored in the TXT record at dkimselector._domainkey.domain.com and uses it to verify the signature made with the sender's private key, confirming the authenticity and source of the email and identifying whether the email has been altered during transmission.
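The receiver's side of these two steps can be sketched as follows. This is an added example, not SmartPush's code: it derives the DNS lookup name from a signature header, checks a key record for revocation, and recomputes the body hash that reveals alteration in transit. The message and header are constructed samples, the `b=` value is a placeholder, the `l=` tag is ignored, and the public-key verification of `b=` itself is left out because it needs a crypto library.

```python
import base64
import hashlib
import re

def parse_tags(value: str) -> dict:
    """Parse a DKIM 'tag=value; tag=value' list (DKIM-Signature header or DNS key record)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Whitespace inside the values used here (bh, b, p, h) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(sig: dict) -> str:
    """DNS name of the TXT record holding the public key: <selector>._domainkey.<domain>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def key_record_usable(txt: str) -> bool:
    """A key record with an empty p= tag means the key has been revoked (RFC 6376)."""
    rec = parse_tags(txt)
    return rec.get("v", "DKIM1") == "DKIM1" and bool(rec.get("p"))

def canonical_body(body: bytes, mode: str) -> bytes:
    """RFC 6376 body canonicalization, 'simple' or 'relaxed'."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of spaces/tabs, drop trailing whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at the end of the body
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    return out or (b"\r\n" if mode == "simple" else b"")

def body_hash_ok(sig: dict, body: bytes) -> bool:
    """Recompute the body hash and compare it with the signed bh= value."""
    mode = sig.get("c", "simple/simple").partition("/")[2] or "simple"
    digest = hashlib.new(sig["a"].split("-")[1], canonical_body(body, mode)).digest()
    return base64.b64encode(digest).decode() == sig["bh"]

# Constructed sample. Sender side: hash the body and place it in bh= (b= is a placeholder).
SENT = b"Hi,\r\n\r\nYour order has shipped.  \r\n\r\n"
BH = base64.b64encode(hashlib.sha256(canonical_body(SENT, "relaxed")).digest()).decode()
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=domain.com; s=dkimselector;"
          f" h=from:subject; bh={BH}; b=PLACEHOLDER")
SIG = parse_tags(HEADER)

if __name__ == "__main__":
    print(key_record_name(SIG))                                    # where the receiver looks
    print(body_hash_ok(SIG, SENT))                                 # unmodified body
    print(body_hash_ok(SIG, SENT.replace(b"shipped", b"failed")))  # altered in transit
```

With relaxed canonicalization, whitespace-only changes made by relays still pass the body-hash check, while any change to the wording fails it.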

 

As an independent brand, implementing DKIM means successfully signing your emails and informing ISPs that the email content is from your domain for which you are held fully accountable. This prevents malicious senders from using addresses like "@yourdomain.com" to send phishing emails.

 

DKIM provides a way for senders to sign emails, but it needs to be used along with SPF and DMARC:

  1. DKIM does not consider the sender of the email. If only DKIM authentication is configured without SPF, the party responsible for the email could still be a malicious email sender.
  2. DKIM does not instruct mailbox providers on how to handle emails. It needs to go with DMARC authentication, which informs ISPs of what to do if an email fails or passes authentication.

 

How do DKIM and SPF work together?

SPF informs ISPs about which IP addresses are allowed to send emails on behalf of your brand. DKIM informs them that the content of the sent email is verified to match the intended sending purpose of your brand. The two authentication methods are complementary, and DMARC authentication is effective only when SPF and DKIM authentication meet the DMARC requirements.

After creating a SmartPush account, you can choose to send emails using the SmartPush default domain or opt for a custom brand domain. SmartPush will automatically complete identity authentication and ensure the deliverability of your email, whether you use a default domain or a custom domain.

 

Default Domain

Upon successful account registration, you can directly select the default domain for sending emails. The default domains of SmartPush are sender domains that have completed SPF, DKIM, and DMARC authentication.

 

Custom Domain

SmartPush will help you automatically generate TXT records of SPF, DKIM, and DMARC for custom domain authentication. If you upload the brand logo when authenticating the domain, it will also automatically generate TXT records of BIMI for you. Your domain administrator can easily publish the TXT entries to the DNS records of your domain to complete the authentication.

Note: If you haven’t uploaded the brand logo, we will only add SPF and DKIM email authentication, with a "P=none" DMARC policy. If you have uploaded the brand logo, we will help you add SPF, DKIM, DMARC, and BIMI authentication with the "P=quarantine" or "P=reject" DMARC policy.

You can view the authentication status of all custom domain names by going to [Settings] > [Domain Management] on SmartPush.
