What is DKIM and how does it help my deliverability with emails? (avoiding SPAM filters)

Updated: 11/21/2019
Article #: 310


What is DKIM? 

DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages weren’t altered in transit between the sending and recipient servers. It uses public-key cryptography to sign email with a private key as it leaves a sending server. Recipient servers can then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. Once the hash made with the private key is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.

 

Why implement DKIM?
It’s easy to impersonate a trusted sender over SMTP. This led to spam for end users that appeared to come from legitimate sources. Spoofing email from trusted domains is a popular technique for malicious spam and phishing campaigns, and DKIM makes it harder to spoof email from domains that use it.

DKIM is compatible with existing email infrastructure and works with SPF and DMARC to create a layered security for domains sending emails. Mail servers that don’t support DKIM signatures are still able to receive signed messages without any problems. It’s an optional security protocol, and DKIM is not a universally adopted standard.

Even though it’s not required, we recommend you use it whenever possible to authenticate mail from your domain. We use it to sign messages at Cayzu, and ISPs like Yahoo, AOL, and Gmail use it to check incoming messages. We’ve done testing that proved messages are more likely to be delivered when they use these security protocols.

An additional benefit of DKIM is that ISPs use it to build a reputation on your domain over time. As you send email and improve your delivery practices (low spam and bounces, high engagement), you help your domain build a good sending reputation with ISPs which improves delivery.

While it’s important to understand what DKIM does, it’s also important to be clear about what it doesn’t solve. Using DKIM will make sure your message hasn’t been altered, but it doesn’t encrypt the contents of your message. Many ESPs use opportunistic TLS to encrypt messages as they move between sender and recipients, but it’s still possible to send unencrypted messages if an email server refuses a TLS handshake. Once a message has been delivered, the DKIM signature will remain in the SMTP headers but won’t encrypt the content of the message in any way.

Since we’ve described what DKIM does, let’s move on to how it protects your domain’s email.

How does DKIM work? 
DKIM uses two actions to verify your messages. The first action takes place on a server sending DKIM signed emails, while the second happens on a recipient server checking DKIM signatures on incoming messages. The entire process is made possible by a private/public key pair. Your private key is kept secret and safe, either on your own server or with your ESP and the public key is added to the DNS records for your domain to broadcast it to the world to help verify your messages. Let’s dive a little deeper into how DKIM works on servers that are sending and receiving email.

 

Diagram of how DKIM protects messages.

 

 

 

How do I implement DKIM on my domain?
No matter which ESP or mail server you use, the general setup for DKIM is the same. You need a private key stored somewhere safe, and you need to share a public key in your domain’s DNS records.

 

To get started with this process, email support@cayzu.com with the domain name that you will be emailing from.

 

 

Want more information on Cayzu Help Desk? Visit https://www.cayzu.com 

 

 

 

 

Source

 

 






Rate this Topic:
Rating: 5.00 / Votes: 1