DKIM: Land Your Emails Right In The Inboxes Of Your Customers

Email verification remains one of the hot topics on the internet marketing space, due to several cases of phishing attacks on email users. To run a profitable online business today, you need a tool that will help you build a reputation for yourself as a trustworthy brand before ISPs. DKIM can be the game changer in your email marketing campaign.

Table Of Contents

With Clickable Navigation

What is DKIM?
How does DKIM work?
What is a DKIM signature?
What are DKIM Records?
Configuring DNS Records for DomainKeys / DKIM
Dig: A great tool for DKIM verification
Does DKIM Filter Email?
How Can I Test My DKIM?
Is your DKIM Verification Successful?
What Do the Results of My Email on Acid DKIM Test Mean?
How Important is Authentication and Sending Reputation?

What is DKIM?

DKIM means DomainKeys Identified Email. It is a verification tool that helps to show whether an organization has the right to deliver email messages to an audience or not. As a business or an organization, you can use this tool to “sign” emails as proof that they are from you.

How does DKIM work?

When an organization is preparing to send emails to its customers, it will sign the messages with a special signature. The receiver can use the signature for verification purposes. This makes it easier for the receiver to identify fake messages and ignore them.

Some email service providers such as Gmail and Yahoo! check an incoming email for a DKIM signature to enable them to identify the sender. When an email gets to the mail server, it will go through the DKIM header and check whether it is valid or not. The verification process involves the following:

  • Going through the DNS of the domain that sent the message to get its public key.
  • Using the public key to decrypt the signature. The internet service provider can determine the source of any message through the signature it decrypts.

Using the signature with your messages will boost your sender reputation. The mail server is able to verify your identity and show your target audience that you are a credible and trusted sender. This will have a positive impact on your deliverability through better message delivery.

What is a DKIM signature?

A DKIM signature is a special header you put in messages when you are sending them out. The header contains some special information that the email receiver will use to know the source of the message. The receiver will check your DKIM key and use it to check the signature.

This is an example of a signature:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=sparkpost.com; s=google;

h=from:content-transfer-encoding:subject:message-id:date:to:mime-version;

bh=ZkwViLQ8B7I9vFIen3+/FXErUuKv33PmCuZAwpemGco=;

b=kF31DkXsbP5bMGzOwivNE4fmMKX5W2/Yq0YqXD4Og1fPT6ViqB35uLxLGGhHv2lqXBWwFhODPVPauUXxRYEpMsuisdU5TgYmbwSJYYrFLFj5ZWTZ7VGgg6/nI1hoPWbzDaL9qh

There is a lot of information in the header. From the example, there are a couple of tags with their values in the header.

Some of the headers are:

“d=” that represents the signing domain

“b=” the digital signature

“bh=” a hash

Although each message has its special signature, each signature in the header must contain the elements above.

You create the DKIM when you sign your email with your digital signature. The signature will be in your message header. Your mail transfer agent will use a special algorithm to create the signature that you will add to the signed fields. The special signature is the “hash value.”

After generating the signature, the MTA will store the public key used for generating the signature in a listed domain. After the receiver MTA receives the email, it will use the DNS to get the public key used by the signer to verify the signature. It will then decrypt the hash value found in the email’s header with the key. It will calculate the hash value for the received message while decrypting the hash value.

If the signature-generating key and the public key from the message sender match, it means that the message hasn’t changed. This convinces the receivers of the credibility of the listed domain that sent the message.

What are DKIM Records?

DKIM uses DNS TXT record that is in a unique format. When DKIM creates a public/private key pair, it will add the public key to the DNS of your domain.

If you have different domains for sending email messages, you can keep a record of all these domains. This is the DKIM record. Each pair of keys has a special selector to make it easier to renew the DKIM records or make changes to them when necessary. The selector also makes it easy to identify the source of a record and do whatever you wish with it.

There are two types of DKIM records. These are:

  • Policy record, which is a record of information about the DKIM’s policy. It also contains your email addresses. A DKIM must have one policy record.

· DKIM DNS record, this represents the public signing key. It is the long string of special characters in the record. A domain can have more than one record if it has several servers with their own private keys for signing emails.

Configuring DNS Records for DomainKeys / DKIM

A basic need for a functional DKIM is to configure DNS records for it. Your email provider will give you the public keys you can add to the DNS during the configuration to get it running efficiently.

You can do the configuration in two simple ways:

  1. Insert the keys as a record in TXT format into your DNS.
  2. Use it as a CNAME that points to the key in the DNS of your provider.

Your provider will give you the DKIM string that looks like an encrypted message. Add this message into a TXT record while creating a DNS record.

While you are creating the record, you will have several options to choose from. Choose the appropriate option, TXT or CNAME, from the record type options. In the “Content” field, enter the string in the field.

Apart from the string, you will also get a specific sub-domain from your email provider. It may come in this form: my._domainkey.

Check the “Name” field and enter the special sub-domain in it.

If you receive a sub-domain with your domain name at the end, don’t add your domain name when adding the TXT record in the “Name” field. For instance, if you receive my._domainkey.mydomain.com, remove the .myname from the string and enter my._domain only in the “Name” field. Once you do this, you have successfully completed the configuration.

Another thing you could do is ask your hosting provider for help. They will handle the configuration on your behalf.

Dig: A great tool for DKIM verification

Once you are through with configuration, the DNS server should record your DNS record in a perfect order. This is necessary for your record to work smoothly. If you wish to know whether the DNS server returned your DKIM the way it should, you can do the verification with dig.

To start the registration process, check the domain name holding the TXT record and send a query for the record.

For instance, if your domain name is mydomain.com, send this query to retrieve the TXT record

Dig +short google._domainkey.mydomain.com TXT.

A successful verification process will give you a result in this format:

“v=DKIM1\\\\;k=rsa\\\\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3QEKyU1fSma0axspqYK5iAj+54lsAg4qRRCnpKK68hawSd8zpsDz77ntGCR0X2mHVvkf0WEOIqaspaG/A5IGxieiWer+wBX8lW2tE4NHTE0PLhHqL0uD2sif2pKoPR3Wr6n/rbiihGYCIzvuY4/U5G1”

If the verification process returns no result, the configuration process may have some flaws. Do another verification exercise to check whether you used the correct sub-domain while adding the TXT record.

For example, if you enter your domain name in the “Name” field in the DNS, that will generate a problem and won’t return a result.

Does DKIM Filter Email?

DKIM verifies a message’s sender only, it doesn’t filter emails. Nonetheless, DKIM’s usefulness doesn’t stop at message verification only. The email server can still use the information from the DKIM during a verification process. The information will assist it to support the efforts of the filter that the receiving domain is using for filtering messages.

For instance, if a trusted domain sends an email and the DKIM can verify the source of the message, the domain will be regarded as a credible source. The email server will deliver its messages to its recipients and won’t treat messages from the domain as spam.

If there is no way of verifying the DKIM signature of the email because it is a fake email or for any other reason, the DKIM will pass the message as email spam. In that case, the server will add a spam tag to the email’s subject line to warn receivers not to trust the email. Otherwise, the server may quarantine the mail.

For instance, GMAIL doesn’t deliver email messages from some organizations to their subscribers. This occurs if the email provider cannot verify the DKIM signature of the organizations. A host of other internet service providers do the same. This is a measure put in place to reduce cases of phishing.

How Can I Test My DKIM?

Before you start sending email messages out to your subscribers, you can test your DKIM signature to see whether it is working or not. A great way to test things out is sending an email from your domain to a verified Gmail account. That will give you a clue into how good your DKIM signature is.

This is how to test your DKIM through GMAIL:

  • Open Gmail web app.
  • Open an email in the app.
  • Beside the “Reply” button, there is a down arrow, click it.
  • Select “Show original” from the option.
  • If you find “signed-by: your domain name” in the original section, you have a good DKIM signature.

Is your DKIM Verification Successful?

A successful DKIM verification is proof that you got the verification process right. The simple steps below will help you to check whether your DKIM verification is successful or not.

  1. Login to http://dkimcore.org/tools/keycheck.html
  2. In the “Selector” field, enter “ms”.
  3. In the “Domain name” field, enter your domain name. Don’t add “www” to your domain name when entering it.
  4. Click the “Check” button.
  5. Enter your DKIM key and check its validity and value.
  6. The Control Panel page contains an “Account” button, click it.
  7. A menu will appear, click the “Sender” option.
  8. If you want to check the DKIM key of a particular sender’s email, click on the email address.
  9. The “TXT record value” area will contain the key you want to check, check it there.

What Do the Results of My Email on Acid DKIM Test Mean?

When you conduct a DKIM test, there are several possible results. They are:

  • pass = This is the result you get when everything works well. In this case, the sender signed the message, the signature was acceptable and passed the test.
  • fail = the sender signed the message, DKIM accepted the signature but the signature didn’t pass the test. This means that the signature in the message is correct but didn’t match the sending domain’s signature. This may mean that someone changed the message before it got to the server.
  • none = The message doesn’t have a DKIM signature. This is different from failing. This may be due to an error of omission.
  • policy = The message has a signature but the signature is not acceptable.
  • neutral = the message has a signature but there are errors in the message. Thus, the test cannot process the signature. This may be that the sender did not form the signature very well because the sending domain contains some configuration error.
  • temperror = the test can’t verify the message. This may be to some temporary error such as the test cannot get the public key. Since the error is temporary, the test may be able to verify the message if it checks the message a second time.
  • permerror = The test can’t verify the message due to some permanent error. For instance, the header field may be absent. Even if it tests the message several times, it may be unable to get a specific result. In this case, the entire signature or some part of the signature was missing when the receiver received it, which may be responsible for the failure. This may mean that you didn’t write the header correctly or someone changed it after you sent it.

These are the likely results you will get when you conduct this test. From the message, you will understand what the problem is, if there are any.

How Important is Authentication and Sending Reputation?

Have you ever wondered why it is important that you verify your message? What impact can your reputation have on your email deliverability?

Sender reputation is a score that Internet Service Providers will give you based on the number of emails you have sent out. Several factors determine your Sender Reputation. This includes spam complaints rate, bounce rate, and the number of unsubscribed members you have on your mail list.

The email server handling your emails separates email messages from each other. The server determines good and bad messages by using the factors above. If the figures for these factors are high, you will get a bad sender reputation while low figures will give you a good sender reputation.

If you have high bounce issues, this implies that something is wrong with your email list. It shows that you either bought the list or have not taken the time to clean the list to get rid of inactive members. To reduce high bounces, avoid buying an email list and always do a routine check to remove inactive emails from your list.

Remove people who have unsubscribed from your list immediately. Stop sending messages to them the moment they click the “unsubscribe” button. Such people tend to consider unsolicited messages as spam. If you continue bothering them with messages, they may hit back and report you as a spammer.

If you have an impressive sender reputation, it will rub off on your deliverability. Your email messages won’t end up in people’s spam boxes but right in their inboxes. If your sender reputation is bad, your email will end up as spam or flagged before it reaches the recipient. That’s bad for business.

Email verification is also an important part of running a successful online business. Considering how fast email phishing attacks are increasing daily, it is crucial that you find a way to be different from others. That’s what DKIM does for you.

Some other benefits of email verification include:

  1. You will have fewer spam complaints

Spam complaints can damage your reputation beyond repair. To become a successful brand, your spam rate should be very low. If you have a good email verification culture, your audience won’t have cause to mark your messages as spam. When users can identify your brand as trustworthy, they won’t have reasons to complain about it.

  1. Better deliverability

The increasing rate of spamming is a turn off for many subscribers. They have developed the habit of rejecting messages from unknown sources. To increase your email delivery rate, create a trustworthy sender reputation for your brand. Email verification will help you achieve that.

  1. It prevents blacklisting

When you are on a blacklist, you find it difficult to reach your customers with your emails. The server will always reject your message for as long you are still on the list. Regular spam complaints may earn you blacklisting. The attendant restriction will do more damage to your business than you can ever imagine. You can prevent this by ensuring that messages from your domain undergo the right verification process before you send them out.

DKIM helps Internet Service Providers see your brand as a genuine and trustworthy business. This helps you get your emails to land in the inboxes of your customers, meaning more open rates, better engagement and bigger conversions for you. Be sure to test your DKIM after its configuration to ensure that you configured it well.

Let’s Get In Touch

Are you ready to talk about this article, and allow us to answer any questions you may have regarding our products or services? MailMonitor would love to chat more with you about this topic, or anything else related to our industry.

Guide to Spam Proof Email Marketing: Part 5 – Improve Email Open Rates

You've done the hard work and have managed to establish a good email list and segmented it properly.  However, there is still one more very crucial thing to do – and that is to improve your email open rate. In part five of our email series 'Your Guide to Spam Proof...

Email Blacklists: How You End Up On Them & How You Get Off Them

An email blacklist is real-time, automated databases that use specific criteria in determining if an IP is sending spam emails. Email blacklists are also known as DNS-based Blackhole Lists. There are a number of blacklists in the industry, including SpamCop, Spamhaus,...

How to Prepare Your Holiday Email Marketing for the Season

As we round the corner and head towards the end of 2018, it's time to get serious about your end of the year, holiday email marketing strategy.  Considering that, for many businesses, the holiday season spanning from early November to early January can be hugely...

Just What Is SNDS Anyway?

We've received a lot of questions around SNDS lately and feel now is a great time to review what it stands for, what it does, and why it's important to your email marketing process. The Microsoft/Outlook Smart Network Data Services (SNDS) is a free service that...

7 Ways to Improve Email Deliverability

It goes without saying, but if your emails aren’t getting delivered, then your email marketing efforts are a massive waste of your company's time and money.  Email deliverability is the number one metric we should all be driving to as email marketers. You’ve probably...

Seed Updates and Additions

We have added Rogers.com, a large Canadian ISP, to our seed list and deliverability tracking reports.  Also, due to a cable company acquisition, our Optimum seeds are now Charter addresses. All additions can be downloaded within your MailMonitor account. If you don't...

Control Your Email Deliverability and Grow Your Business

Without question, obtaining new customers and keeping current customers happy is key to the success of any business.  Let's face it, without customers you don't have a business.  Creating a solid email marketing strategy is one of the best tools you have available to...

Sowing the Seeds of Email: The Hows and Whys Around Email Seed Lists

For marketers, creating and sending emails comes with two goals: Get the email to land in your target audience's inbox, and Get your target audience to act on your email (preferably in a positive manner and not 'unsubscribe') In the beginning, the process was pretty...

How and Why to Establish an Email Deliverability Audit

Are you worried about your email strategies? Is there uncertainty around the effectiveness of your messages or even worse, are you sure your emails are even reaching the intended recipients?  The answer to all these questions is simple: In order to be sure, you need...

Email Sender Reputation Tracking

Sender reputation is increasingly important for delivery performance. Mail Monitor gathers various reputation metrics including those through Microsoft's SNDS (Smart Network Data Services) reporting program to assist the reputation tracking. Our tools automate the...