DKIM: Land Emails Right in the Inboxes of Your Customers

Email Deliverability Simplified | The Blog

DKIM - Land Emails Right in the Inboxes of Your Customers

DKIM: Land Your Emails Right In The Inboxes Of Your Customers

Email verification remains one of the hot topics on the internet marketing space, due to several cases of phishing attacks on email users. To run a profitable online business today, you need a tool that will help you build a reputation for yourself as a trustworthy brand before ISPs. DKIM can be the game changer in your email marketing campaign.

Table Of Contents

With Clickable Navigation

What is DKIM?
How does DKIM work?
What is a DKIM signature?
What are DKIM Records?
Configuring DNS Records for DomainKeys / DKIM
Dig: A great tool for DKIM verification
Does DKIM Filter Email?
How Can I Test My DKIM?
Is your DKIM Verification Successful?
What Do the Results of My Email on Acid DKIM Test Mean?
How Important is Authentication and Sending Reputation?

What is DKIM?

DKIM means DomainKeys Identified Email. It is a verification tool that helps to show whether an organization has the right to deliver email messages to an audience or not. As a business or an organization, you can use this tool to “sign” emails as proof that they are from you.

How does DKIM work?

When an organization is preparing to send emails to its customers, it will sign the messages with a special signature. The receiver can use the signature for verification purposes. This makes it easier for the receiver to identify fake messages and ignore them.

Some email service providers such as Gmail and Yahoo! check an incoming email for a DKIM signature to enable them to identify the sender. When an email gets to the mail server, it will go through the DKIM header and check whether it is valid or not. The verification process involves the following:

  • Going through the DNS of the domain that sent the message to get its public key.
  • Using the public key to decrypt the signature. The internet service provider can determine the source of any message through the signature it decrypts.

Using the signature with your messages will boost your sender reputation. The mail server is able to verify your identity and show your target audience that you are a credible and trusted sender. This will have a positive impact on your deliverability through better message delivery.

What is a DKIM signature?

A DKIM signature is a special header you put in messages when you are sending them out. The header contains some special information that the email receiver will use to know the source of the message. The receiver will check your DKIM key and use it to check the signature.

This is an example of a signature:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google;




There is a lot of information in the header. From the example, there are a couple of tags with their values in the header.

Some of the headers are:

“d=” that represents the signing domain

“b=” the digital signature

“bh=” a hash

Although each message has its special signature, each signature in the header must contain the elements above.

You create the DKIM when you sign your email with your digital signature. The signature will be in your message header. Your mail transfer agent will use a special algorithm to create the signature that you will add to the signed fields. The special signature is the “hash value.”

After generating the signature, the MTA will store the public key used for generating the signature in a listed domain. After the receiver MTA receives the email, it will use the DNS to get the public key used by the signer to verify the signature. It will then decrypt the hash value found in the email’s header with the key. It will calculate the hash value for the received message while decrypting the hash value.

If the signature-generating key and the public key from the message sender match, it means that the message hasn’t changed. This convinces the receivers of the credibility of the listed domain that sent the message.

What are DKIM Records?

DKIM uses DNS TXT record that is in a unique format. When DKIM creates a public/private key pair, it will add the public key to the DNS of your domain.

If you have different domains for sending email messages, you can keep a record of all these domains. This is the DKIM record. Each pair of keys has a special selector to make it easier to renew the DKIM records or make changes to them when necessary. The selector also makes it easy to identify the source of a record and do whatever you wish with it.

There are two types of DKIM records. These are:

  • Policy record, which is a record of information about the DKIM’s policy. It also contains your email addresses. A DKIM must have one policy record.

· DKIM DNS record, this represents the public signing key. It is the long string of special characters in the record. A domain can have more than one record if it has several servers with their own private keys for signing emails.

Configuring DNS Records for DomainKeys / DKIM

A basic need for a functional DKIM is to configure DNS records for it. Your email provider will give you the public keys you can add to the DNS during the configuration to get it running efficiently.

You can do the configuration in two simple ways:

  1. Insert the keys as a record in TXT format into your DNS.
  2. Use it as a CNAME that points to the key in the DNS of your provider.

Your provider will give you the DKIM string that looks like an encrypted message. Add this message into a TXT record while creating a DNS record.

While you are creating the record, you will have several options to choose from. Choose the appropriate option, TXT or CNAME, from the record type options. In the “Content” field, enter the string in the field.

Apart from the string, you will also get a specific sub-domain from your email provider. It may come in this form: my._domainkey.

Check the “Name” field and enter the special sub-domain in it.

If you receive a sub-domain with your domain name at the end, don’t add your domain name when adding the TXT record in the “Name” field. For instance, if you receive, remove the .myname from the string and enter my._domain only in the “Name” field. Once you do this, you have successfully completed the configuration.

Another thing you could do is ask your hosting provider for help. They will handle the configuration on your behalf.

Dig: A great tool for DKIM verification

Once you are through with configuration, the DNS server should record your DNS record in a perfect order. This is necessary for your record to work smoothly. If you wish to know whether the DNS server returned your DKIM the way it should, you can do the verification with dig.

To start the registration process, check the domain name holding the TXT record and send a query for the record.

For instance, if your domain name is, send this query to retrieve the TXT record

Dig +short TXT.

A successful verification process will give you a result in this format:


If the verification process returns no result, the configuration process may have some flaws. Do another verification exercise to check whether you used the correct sub-domain while adding the TXT record.

For example, if you enter your domain name in the “Name” field in the DNS, that will generate a problem and won’t return a result.

Does DKIM Filter Email?

DKIM verifies a message’s sender only, it doesn’t filter emails. Nonetheless, DKIM’s usefulness doesn’t stop at message verification only. The email server can still use the information from the DKIM during a verification process. The information will assist it to support the efforts of the filter that the receiving domain is using for filtering messages.

For instance, if a trusted domain sends an email and the DKIM can verify the source of the message, the domain will be regarded as a credible source. The email server will deliver its messages to its recipients and won’t treat messages from the domain as spam.

If there is no way of verifying the DKIM signature of the email because it is a fake email or for any other reason, the DKIM will pass the message as email spam. In that case, the server will add a spam tag to the email’s subject line to warn receivers not to trust the email. Otherwise, the server may quarantine the mail.

For instance, GMAIL doesn’t deliver email messages from some organizations to their subscribers. This occurs if the email provider cannot verify the DKIM signature of the organizations. A host of other internet service providers do the same. This is a measure put in place to reduce cases of phishing.

How Can I Test My DKIM?

Before you start sending email messages out to your subscribers, you can test your DKIM signature to see whether it is working or not. A great way to test things out is sending an email from your domain to a verified Gmail account. That will give you a clue into how good your DKIM signature is.

This is how to test your DKIM through GMAIL:

  • Open Gmail web app.
  • Open an email in the app.
  • Beside the “Reply” button, there is a down arrow, click it.
  • Select “Show original” from the option.
  • If you find “signed-by: your domain name” in the original section, you have a good DKIM signature.

Is your DKIM Verification Successful?

A successful DKIM verification is proof that you got the verification process right. The simple steps below will help you to check whether your DKIM verification is successful or not.

  1. Login to
  2. In the “Selector” field, enter “ms”.
  3. In the “Domain name” field, enter your domain name. Don’t add “www” to your domain name when entering it.
  4. Click the “Check” button.
  5. Enter your DKIM key and check its validity and value.
  6. The Control Panel page contains an “Account” button, click it.
  7. A menu will appear, click the “Sender” option.
  8. If you want to check the DKIM key of a particular sender’s email, click on the email address.
  9. The “TXT record value” area will contain the key you want to check, check it there.

What Do the Results of My Email on Acid DKIM Test Mean?

When you conduct a DKIM test, there are several possible results. They are:

  • pass = This is the result you get when everything works well. In this case, the sender signed the message, the signature was acceptable and passed the test.
  • fail = the sender signed the message, DKIM accepted the signature but the signature didn’t pass the test. This means that the signature in the message is correct but didn’t match the sending domain’s signature. This may mean that someone changed the message before it got to the server.
  • none = The message doesn’t have a DKIM signature. This is different from failing. This may be due to an error of omission.
  • policy = The message has a signature but the signature is not acceptable.
  • neutral = the message has a signature but there are errors in the message. Thus, the test cannot process the signature. This may be that the sender did not form the signature very well because the sending domain contains some configuration error.
  • temperror = the test can’t verify the message. This may be to some temporary error such as the test cannot get the public key. Since the error is temporary, the test may be able to verify the message if it checks the message a second time.
  • permerror = The test can’t verify the message due to some permanent error. For instance, the header field may be absent. Even if it tests the message several times, it may be unable to get a specific result. In this case, the entire signature or some part of the signature was missing when the receiver received it, which may be responsible for the failure. This may mean that you didn’t write the header correctly or someone changed it after you sent it.

These are the likely results you will get when you conduct this test. From the message, you will understand what the problem is, if there are any.

How Important is Authentication and Sending Reputation?

Have you ever wondered why it is important that you verify your message? What impact can your reputation have on your email deliverability?

Sender reputation is a score that Internet Service Providers will give you based on the number of emails you have sent out. Several factors determine your Sender Reputation. This includes spam complaints rate, bounce rate, and the number of unsubscribed members you have on your mail list.

The email server handling your emails separates email messages from each other. The server determines good and bad messages by using the factors above. If the figures for these factors are high, you will get a bad sender reputation while low figures will give you a good sender reputation.

If you have high bounce issues, this implies that something is wrong with your email list. It shows that you either bought the list or have not taken the time to clean the list to get rid of inactive members. To reduce high bounces, avoid buying an email list and always do a routine check to remove inactive emails from your list.

Remove people who have unsubscribed from your list immediately. Stop sending messages to them the moment they click the “unsubscribe” button. Such people tend to consider unsolicited messages as spam. If you continue bothering them with messages, they may hit back and report you as a spammer.

If you have an impressive sender reputation, it will rub off on your deliverability. Your email messages won’t end up in people’s spam boxes but right in their inboxes. If your sender reputation is bad, your email will end up as spam or flagged before it reaches the recipient. That’s bad for business.

Email verification is also an important part of running a successful online business. Considering how fast email phishing attacks are increasing daily, it is crucial that you find a way to be different from others. That’s what DKIM does for you.

Some other benefits of email verification include:

  1. You will have fewer spam complaints

Spam complaints can damage your reputation beyond repair. To become a successful brand, your spam rate should be very low. If you have a good email verification culture, your audience won’t have cause to mark your messages as spam. When users can identify your brand as trustworthy, they won’t have reasons to complain about it.

  1. Better deliverability

The increasing rate of spamming is a turn off for many subscribers. They have developed the habit of rejecting messages from unknown sources. To increase your email delivery rate, create a trustworthy sender reputation for your brand. Email verification will help you achieve that.

  1. It prevents blacklisting

When you are on a blacklist, you find it difficult to reach your customers with your emails. The server will always reject your message for as long you are still on the list. Regular spam complaints may earn you blacklisting. The attendant restriction will do more damage to your business than you can ever imagine. You can prevent this by ensuring that messages from your domain undergo the right verification process before you send them out.

DKIM helps Internet Service Providers see your brand as a genuine and trustworthy business. This helps you get your emails to land in the inboxes of your customers, meaning more open rates, better engagement and bigger conversions for you. Be sure to test your DKIM after its configuration to ensure that you configured it well.

Let’s Get In Touch

Are you ready to talk about this article, and allow us to answer any questions you may have regarding our products or services? MailMonitor would love to chat more with you about this topic, or anything else related to our industry.

How to Increase Email Open Rates: Part 2

In Part 1 of our series, some of the accuracy problems with tracking open rates were discussed. Furthermore, while open rates measure trackable opens across entire email campaigns, seed tracking offers specific metrics by the email providers. This allows easy...

MailMonitor Adds 6 more ISPs to Deliverability Reporting

The following 6 ISPs have been added to MailMonitor Delivery reports effective immediately: BT Internet You'll find the additional seeds accounts available for download in your MailMonitor account. Once you add them to...

Hotmail / Supports IMAP….FINALLY

Just recently (formerly Hotmail) began supporting IMAP. What is IMAP and what does this mean for Mail Monitor accounts? IMAP allows applications to connect and...

Email Engagement: Everything You Need to Know for Success

Having engaged and loyal customers can seriously boost your company’s revenue, and creating an email engagement strategy will help you get there. While it's acceptable to do general mailings to your entire customer base, regardless of their engagement status, it's...

Things You Need to Know About Google AMP

In February, Google announced that it is incorporating its Accelerated Mobile Pages (AMP) initiative into Gmail in order to offer a better experience to mobile email users.  The open-source initiative was initially designed to make websites, ads and other online...

Email Deliverability Case Study | MailMonitor Customer Featured features daily local deals to their customers. Since their daily deals are delivered via email each day, high email deliverability rates are particularly critical to their success. Zozi was recently used in a case study by the email marketing research...

Guide to Spam Proof Email Marketing: Part 2 – Start Your Email Marketing Process

Welcome to Part 2 in our series, 'Your Guide to Spam Proof Email Marketing.'  In this blog, we will cover everything you need to know to start your email marketing process. Setup Your Email Marketing Process The first thing you'll want to do is build your email lists....

Control Your Email Deliverability and Grow Your Business

Without question, obtaining new customers and keeping current customers happy is key to the success of any business.  Let's face it, without customers you don't have a business.  Creating a solid email marketing strategy is one of the best tools you have available to...

GDPR Refresher: Is Your Business Compliant?

By now we're sure you've heard about the General Data Protection Regulation (GDPR) regulations that went into effect earlier this year.  While the policy was specifically designed under European laws, it still has impacted many US companies (specifically those that do...

Email Deliverability Best Practices

To help you get it right, we’ve put together our list of best practice tips and processes to improve your overall email deliverability rate and ensure that your marketing emails land at their desired location…..the inbox!

Privacy Preference Center

MailMonitor Cookies

This data is used to deliver customized content and advertising within MailMonitor to customers whose behavior indicates that they are interested in a particular subject area.

MailMonitor may keep track of the pages our users visit within the MailMonitor website in order to determine what MMG services are the most popular.


To send periodic emails. The email address you provide for order processing may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc.

MailMonitor may use your information to create customized emails and offers.


This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain the quality of the service, and to provide general statistics regarding use of the MMG website.

Information about your computer hardware and software may be automatically collected by MMG.