The Importance of DKIM


Originally published at: https://www.emwd.com/the-importance-of-dkim/

One of our more popular services at EMWD is our Mailman hosting service. Mailman allows a user to send email to multiple recipients. The number of these recipients can be in the thousands. Getting email delivered to such a large audience can be very challenging today in a world full of spam filters, greylisting, and other forms of spam fighting tools. DKIM helps authenticate your email and it builds trust with other ISPs so your email ends up in the inbox of your list member rather than their spam folder.

What is DKIM?

DKIM is an acronym for DomainKeys Identified Mail. DKIM allows email senders to associate their domain name with an email message, thus vouching for its authenticity.

An email sender creates the DKIM by “signing” the email with a digital signature. This “signature” is located in the message’s header. The sending mail transfer agent (MTA) generates the signature by using an algorithm applied to the content of the signed fields. This algorithm creates a unique string of characters, or a “hash value.”

When the MTA generates the signature, the public key used to generate it is stored at the listed domain. After receiving the email, the recipient MTA can verify the DKIM signature by recovering the signer’s public key through DNS (Domain Name Service). The recipient MTA then uses that key to decrypt the hash value in the email’s header and simultaneously recalculates the hash value for the mail message it received. If these two keys match, then the email has not been altered, giving users some security knowing that the email did originate from the domain name of the sender, and that it hasn’t been modified since it was sent.

Why Should I Use DKIM?

Many ISPs (such as Yahoo!, Gmail, Outlook and others) will check for a valid DKIM signature on incoming email as a means of recognizing the originator. When an ISP’s mail server receives an email it assesses the DKIM header and then performs the following tasks:

  1. Retrieves the public key from the DNS of the sending domain (re: example.com if the sender is name@example.com)
  2. Uses the key to decrypt the signature and verify the content.

In that sense DKIM is a means of increasing the deliverability of your email posts and your sender reputation, as it allows you to let the receiving mail server verify your reliability. This should result in a greater chance that your email will end up in the user’s inbox rather than their spam folder.

Am I using DKIM?

If you are a client of EMWD and using our DNS via our nameservers (ns1.emwd.com and ns2.emwd.com) then the answer is yes. If you are not using our DNS and are using another provider’s DNS then the answer is most likely no. The reason being is while we can generate a private/public DKIM key pair on our server, the client would still need to set up the public key as a DNS record with their DNS provider. This is something that is not automatically done when you first become an EMWD client.

You can use Mail-tester.com to check for a valid DKIM record for your EMWD hosted domain. The DKIM selector to use is default.

How do I enable DKIM?

If you are using our DNS then DKIM will already be enabled. If you are not, then the easiest thing to do is contact us via our support ticket system (accessible via your client area) and let us know you want to get DKIM setup on your domain. Then we will help you with the process. We do highly recommend that all of our clients use DKIM.