Originally developed at Yahoo!, DomainKeys Identified Mail has become a global standard in email security. Together with its sister protocol SPF, it is a must for anyone serious about sending email, especially blast emails. In this post, we’ll show you how to set up DKIM and make your email more secure.
What is DKIM?
DomainKeys Identified Mail, or DKIM, is an authentication protocol that links a domain name to a message. The protocol allows you to sign your email with your domain name. The purpose of the DKIM protocol is not only to prove that the domain name has not been usurped, but also that the message has not been altered during transmission.
DKIM is in theory quite simple. It relies on asymmetric cryptography and therefore works with any tool developed for that purpose. First, you generate a private/public key pair. Then the public part of the key is published as a TXT record in the DNS of the domain used as the sender address. The private key is then used to create a signature for each email. The signature is essentially a hash of the email's content, combined with the private key using a signing algorithm. The signature is then saved as a header of the email.
When a receiving SMTP server detects such a header, it looks up the public part of the key by asking the domain name system (DNS) for the TXT record. One of the beauties of asymmetric cryptography is that the keys are like brothers: they share DNA. Using the public key, anyone can tell whether the email was sent by the owner of the domain or not. If this check fails, or if the header and therefore the signature does not exist, many email service providers raise an alarm and may, depending on the volume of email sent, decide to mark this email as spam or even to block the sender IP address.
Why should you use DKIM?
The reason is quite simple: along with SPF and DMARC, it is one of the main protocols for verifying the identity of senders. This is one of the most effective ways to prevent phishers and other scammers from posing as a legitimate sender, whose identity they could impersonate using the same domain name.
But this is not the only advantage. In fact, the implementation of these protocols improves email deliverability. Thanks to these protocols, your emails will be better identified by ISPs (Internet Service Providers) and your recipients’ email clients, which improves the chances of your emails reaching your contacts’ inbox and not the Spam folder.
These protocols have become the standard in the email world. A message sent without DKIM and/or SPF can be considered suspicious by the different email analysis tools.
How to set up DKIM in 3 simple steps
1. Setting up: Configuration of DKIM to generate the key pair
The tool of choice depends on your operating system. For Microsoft Windows, you can use PuTTYgen (here is a tutorial); for Linux and Mac, you can use ssh-keygen (GitHub has an excellent tutorial).
2. Placing the public key as a TXT record in the DNS settings
We have provided a list of DNS providers together with links to official and third-party documentation:
With some DNS providers the setup can be quite tedious, but we would be glad to help you out. Just contact our support!
3. Generating and saving the signature
When using Sendmail or Postfix (the world’s two most popular SMTP servers), or any other SMTP server that supports milter, you can use a special milter (= email filter), the DKIM milter. This milter has been released by Sendmail as open source and allows you to sign emails with a generated private key. Please have a look at the extensive documentation.
How to set up DKIM with Mailjet
To define Mailjet as a legitimate sender, you must configure your SPF and DKIM for each of your sending domains.
Setting up DKIM with Mailjet is very simple. Mailjet gives you the public key to register through your website host interface. There, you can integrate the public key into your registration area.
Here’s an example of how to do it:
You will find all the necessary information and the step-by-step process in our documentation. It is so complete, it even includes support guides for each of the main hosting providers (OVH, Gandi, Cloudflare, Hostgator…).
***
This is an updated version of the blog post “How To Set Up DKIM In 3 Simple Steps” published on the Mailjet blog on March 13, 2014.