What is DKIM Authentication?
Much like SPF, DKIM is another way to prove to receiving servers that your email can be trusted. While SPF proves that the email was originally sent by a domain you trust, DKIM will prove that the email has not been altered between the time it was sent and the time it is received by your recipients' servers. This protects your emails against being 'hijacked' or otherwise intercepted and tampered with by a 3rd party.
DKIM Authentication works by both parties (yourself and your ESP) utilizing a "DKIM Key". When email is sent from your ESP it is 'signed' with a unique DKIM key. If any changes are made to the email between the time the email is sent and the time the intended recipient receives it, the DKIM signature will have been altered and no longer match the key your server is expecting.
How do I enable DKIM for my emails?
We've included instruction below for the parties that need to be involved in this process. Typically DKIM setup will be handled by your IT team (DNS Provider/Manager) with some help from your site administrator.
Steps for ESP Site Administrator to complete
- Generate domain key.
- In your ESP account, click on Settings icon at the top right, then Account Management,
then Domain Keys. - On the Domain Keys page, click the yellow “Create Domain Key” button.
- Enter domain name, select key size, click ‘OK’.
- In your ESP account, click on Settings icon at the top right, then Account Management,
- Hover over the new record and click the blue ‘View’ button on the right.
- Copy and send the Domain Name, DKIM TXT Record Address, and DNS TXT Record values to the
individual who manages your DNS records (likely your IT department) to publish the record. - Enable signing once your DNS Manager has published the records.
- Click on Settings icon at the top right, then Account Management, then Domain Keys.
- Hover over your domain’s record, click the drop-down arrow next to ‘View’ and click
‘Enable Signing’.
Steps for DNS Provider or DNS Manager to complete
- Publish a TXT record using the information provided by the ESP Site Administrator
- Host: DKIM TXT Record Address.
- Value: DNS TXT Record.
Verify setup
Publishing Authentication may take up to 48 hours to propagate the internet. To verify the DKIM and SPF records have been setup properly, your ESP offers visible check points when creating a new campaign.
How-to verify SPF and DKIM are setup:
- Navigate to the Campaigns dashboard.
- Click “Create New Campaign” button.
- Select your “Sender Name and Address” on the right column.
- Next to the Sender Name and Address you will see green indicators.
Troubleshooting Tips
DKIM shows a mismatch error in your account (error pictured below)
This error indicates that the published DKIM key in your DNS system does not exactly match the DKIM key generated by Delivra. Try these things to correct the issue:
DNS limitation
Your DNS system may be truncating the DKIM key if it was generated as 2048 bit. Some DNS systems are built for 1024 bit keys, therefore a longer key length is not accepted. To correct the issue, delete the DKIM key in Delivra.
Then, create a new DKIM key. Be sure to change the key size to 1024.
Double-check published key for accuracy
If the above tip did not resolve the problem, next you should double check that the published DKIM key does not contain line breaks or spacing that is not seen in the key generated in Delivra.
Authentication checker tools
https://www.mail-tester.com/spf-dkim-check
Resources
See these related authentication articles in our Help Center.
Comments
0 comments
Article is closed for comments.