In this DKIM setup guide, we’ll walk you through the steps on how to set up DKIM correctly, test it, avoid common pitfalls, and fix common mistakes. In case you’re new to DKIM, or DomainKeys Identified Mail, we’ll start with a high-level overview before getting to the step-by-step instructions, but you can first look up your DKIM record here.

What is DKIM? A Brief Introduction
DKIM is a standard that uses a cryptographic key to digitally sign your emails so your recipients know the message has not been faked or altered in transit. DKIM uses asymmetric (public-key) cryptography to create a digital signature in the header of your emails. Receiving SMTP servers can check an email’s signature to verify the authenticity of the sending domain. For more information, you can read our explanation of DKIM for email.
How to Set Up DKIM Step by Step
You’ll need a few things to start DKIM setup:
- A list of all your domains that send emails
- A DKIM package for your email server
- A DKIM key wizard (these are readily found online for free)
- Access to your DNS (or someone who has it)
- A DKIM record checker (these are also readily found online for free)
Then you can proceed along the path to a correct DKIM setup:
- List all your sending domains
- Install a DKIM package on your email server (see details below)
- Create the public & private DKIM key pair
- Publish the public DKIM key
- Hide the private DKIM key
- Configure your email server
- Test your DKIM setup
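The key-handling steps above (create the key pair, publish the public key, hide the private key, test) can be sketched with the OpenSSL command line. This is an added example, not part of the original guide; the selector `s2024`, the domain `example.com` and the file paths are constructed placeholders, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes the openssl CLI is installed.
# Selector "s2024" and domain "example.com" are constructed placeholders.

# Create the private key; the umask makes it owner-only from the moment it exists.
dkim_genkey() {  # $1 = private key path
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null ) && chmod 600 "$1"
}

# Derive the public key from the private key as one base64 line (the p= value).
dkim_pubkey_b64() {  # $1 = private key path
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Build the TXT value to publish at <selector>._domainkey.<domain>.
# A 2048-bit key exceeds 255 characters, so some DNS tools need it split
# into several quoted strings; the check below tolerates that.
dkim_txt_value() {  # $1 = private key path
    printf 'v=DKIM1; k=rsa; p=%s' "$(dkim_pubkey_b64 "$1")"
}

# Test step: does the published TXT value carry the public half of the key
# the mail server signs with? Returns 0 on match, 1 on mismatch or empty p=.
dkim_record_matches_key() {  # $1 = published TXT value, $2 = private key path
    published=$(printf '%s' "$1" | tr -d ' \t"\n' | tr ';' '\n' | sed -n 's/^p=//p')
    [ -n "$published" ] && [ "$published" = "$(dkim_pubkey_b64 "$2")" ]
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
dkim_genkey "$demo_dir/s2024.private"
record=$(dkim_txt_value "$demo_dir/s2024.private")
printf 's2024._domainkey.example.com TXT:\n%s\n' "$record"
dkim_record_matches_key "$record" "$demo_dir/s2024.private" && echo "record matches key"
rm -rf "$demo_dir"
```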
Prevent Email Spoofing Attacks
DKIM helps improve email deliverability, and when combined with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), it can play a critical role in preventing email spoofing.
Email spoofing occurs when a fraudster sends an email that looks as though it was sent from someone else by using a forged sender address. For example, fraudsters might send your employees emails that appear to come from your CEO, or they might send your customers emails that appear to come from you.
This is one of the identity deception techniques email crime rings use to bamboozle people into revealing sensitive information—including their login credentials or financial information. Email spoofing is used in phishing and business email compromise (BEC) scams.
Adding SPF, DMARC, and BIMI in addition to DKIM will further help prevent email spoofing and improve email deliverability.
Sender Policy Framework (SPF) is an email authentication standard that allows domain owners to specify which servers are authorized to send email with their domain in the “Mail From:” email address. SPF allows receiving email systems to query DNS to retrieve the list of authorized servers for a given domain. If an email message arrives via an authorized server, the receiver can consider the email legitimate.
Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication standard that works as a policy layer for SPF and DKIM to help email receiving systems recognize when an email isn’t coming from a company’s approved domains, and provides instructions to email receiving systems on how to safely dispose of unauthorized email.
Brand Indicators for Message Identification (BIMI) is an email specification that works in conjunction with DMARC to enable companies to have their logos displayed next to their email messages in a recipient’s email client. Not only does this enhance brand visibility in crowded inboxes, it also verifies that the email is legitimate and comes from a trusted source.
The Lofty Enterprise-Scale Deployment: No Dainty (DomainKey) Undertaking!
Adding DKIM, SPF, DMARC or BIMI to a single domain is relatively easy and takes just a few moments. But applying them across all the domains in an organization's entire email ecosystem can get complicated and costly—fast. This is especially true for a large enterprise with thousands of domains across numerous divisions and third-party email partners, which needs a more comprehensive and automated solution, such as Agari DMARC Protection.
Discover how Agari DMARC Protection automates and simplifies email authentication so you can get to a policy level of Reject faster!