DomainKeys Identified Mail (DKIM) is a system in which the sending domain's mail server signs outgoing e-mails with a private key. The recipient's mail server verifies the signature using the sending domain's public key. It is a kind of digital signature for your e-mail. It works by creating a DKIM record in the DNS records of your domain name. If the verification succeeds, the e-mail is considered trustworthy. This system helps prevent spoofing and phishing attacks because it guarantees that the e-mail actually comes from where it claims to come from. Adding a DKIM record to your domain is an important step in securing your e-mail communications.
In this article, we will go through all the information regarding DKIM. Let's get started!
What is DKIM (DomainKeys Identified Mail)?
DKIM stands for DomainKeys Identified Mail. It is a standard for verifying the domain name of an e-mail message. DKIM uses a cryptographic protocol to determine if an e-mail message has come from the specified domain name and that the message has not been altered during transmission. The DKIM record (DKIM public key) is created in DNS records of your domain name and must match the private key used by the mail server to send your e-mails.
DKIM was developed in 2005 by Yahoo and Cisco. In 2007, DKIM was approved as a standard by the Internet Engineering Task Force (IETF).
DKIM records are used by e-mail providers to determine whether an e-mail message comes from the specified domain name. A DKIM record contains a public key that is used to authenticate the e-mail message.
What is a DKIM record used for?
DKIM records are used to ensure that e-mails coming from a particular domain name are not forged or altered. DKIM is a way to confirm that an e-mail message actually comes from the domain name used in the message. If a recipient has a DKIM record for a particular domain name, that recipient can verify the authenticity of an e-mail message from that domain name.
Why DKIM works better than just SPF to prevent spoofing
SPF and DKIM are two important tools you can use for e-mail authentication. SPF is a protocol that identifies which servers are allowed to send e-mail on behalf of a particular domain. DKIM is a protocol that digitally "signs" e-mail messages with a private key so recipients can verify that the e-mail messages genuinely come from the sending domain.
If you use only SPF, a hacker can send an e-mail message on behalf of your domain without your knowledge. However, if you use SPF and DKIM, recipients can verify e-mail messages using the public key stored in the sending domain's DNS record. If the e-mail messages do not match the public key, the recipient knows for sure that the e-mail messages are not from the sending domain and will not open them.
Thus, using SPF and DKIM is much more secure than using SPF alone.
DKIM record - How does it work?
A DKIM record is found in a domain's DNS zone file. It is a TXT record containing a long string of characters. This is the DKIM public key.
DKIM works by adding a 'DKIM-Signature' header to an e-mail message. This is generated by using the DKIM private key. The header contains the string of characters generated by the signing process.
The recipient of the e-mail message can verify the string of these characters using the domain's DNS record. If the string of characters matches, the recipient is assured that the e-mail message came from the specified domain name and that the message was not altered during transmission.
Thus, a correct DKIM signature is a combination of a correct public key and private key. The private key is configured on the mail server, and the signature it produces is in the headers of all e-mails from that domain. A correct DKIM signature actually indicates that the digital signature of the e-mail is correct. That is, the owner of the domain authorizes this mail server and puts a digital signature under this sender.
Add DKIM record
Add DKIM record at Site.eu
Site.eu is committed to providing our customers with the best possible experience. We know that one of the most important factors in maintaining a successful online presence is a reliable email service. Therefore, we ensure that our clients' domain names and emails are always protected with valid DKIM and SPF records. That way we can be sure that your emails are always delivered securely. So you can concentrate on what's important - running your business.
No hassle setting up your DKIM record or using a DKIM generator to put a private key or digital signature in your email header. You don't have to choose a selector or go through any other complicated configuration.
So at Site.eu you don't have to do anything to use DKIM. We will make this work properly for all your domain names. Just make sure you have the default settings of Site.eu turned on!
Add DKIM record elsewhere
To use DKIM, you need to place a public key in your domain's DNS. When an e-mail message is sent, a unique code (the signature) is generated with the matching private key and added to the message. The recipient can then verify the code with the public key to confirm that the e-mail has not been altered.
To add a DKIM record to your DNS records, you must create a TXT record with the public key. The TXT record should be created with the following syntax:
<SELECTOR>._domainkey.<DOMAIN> TXT ( "v=DKIM1; k=rsa; " "p=<PUBLIC KEY>" )
Here you see the DKIM selector, the domain name and the DKIM public key.
Replace <SELECTOR> with the DKIM selector your mail server signs with. Replace <DOMAIN> with the domain name for which the DKIM record is intended. Replace <PUBLIC KEY> with the public key. You should obtain the public key from the company or system administrator that provides your hosting. With Site.eu, this is done automatically. Maybe a good reason to therefore buy your domain names at Site.eu?
If you want to use a subdomain for sending emails, you will have to create a DKIM record, or TXT record in the DNS records for that subdomain as well. However, you can use the same private key and thus share the same DKIM signatures.
What does a DKIM record look like?
A DKIM record has the following fields:
- DKIM selector: a unique name for the record. This is used by the recipient to identify the record.
- Domain: the domain name for which the record is intended.
- Flags: a number of options indicating how the record is to be used.
- Public Key: the public key used to verify the signing of the message.
A DKIM record is a short line of text added to a domain's DNS record. It contains a unique code that is used to confirm that an e-mail message came from the domain for which it is intended.
DKIM records have the following syntax:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN;
The v= tag indicates which type of DKIM record it is. In this case, it is a DKIM1 record. The k= tag indicates which type of key is used to sign the message. In this case, it is an RSA key. The p= tag contains the key (public key) itself. In this example, the key is shown abbreviated. Full keys can be very long.
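The lookup and the record fields described above, as an added example (not Site.eu's code): it derives the DNS name a recipient queries from the s= and d= tags of a DKIM-Signature header, then checks a TXT record value for a missing, revoked, malformed or truncated p= key. All function names are hypothetical, and the header, the selector mail2024 and example.com are constructed; the defaults for v= and k= and the meaning of an empty p= follow the DKIM specification (RFC 6376).

```python
import base64
import re

def parse_tags(value):
    """Split a DKIM tag list ("a=b; c=d") into a dict, dropping whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def query_name(dkim_signature):
    """DNS name the verifier looks up: <s= selector>._domainkey.<d= domain>."""
    tags = parse_tags(dkim_signature)
    return f"{tags['s']}._domainkey.{tags['d']}"

def der_total_length(der):
    """Size the outer DER SEQUENCE claims (header + content), or -1 if not one."""
    if len(der) < 2 or der[0] != 0x30:
        return -1
    if der[1] < 0x80:                       # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_record(txt):
    """Return a list of problems found in a DKIM TXT record value."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    key_type = tags.get("k", "rsa")         # k= defaults to rsa when absent
    if key_type not in ("rsa", "ed25519"):
        problems.append("unknown key type in k=")
    p = tags.get("p")
    if not p:                               # absent tag vs. deliberately empty value
        return problems + ["p= tag is missing" if p is None else "p= is empty: key revoked"]
    try:
        der = base64.b64decode(p, validate=True)
    except ValueError:
        return problems + ["p= is not valid base64"]
    declared = der_total_length(der)        # RSA keys are DER-encoded; compare sizes
    if key_type == "rsa" and declared != len(der):
        problems.append(f"p= truncated or damaged: DER declares {declared} bytes, got {len(der)}")
    return problems

# SAMPLE_SIG is constructed for this example; PAGE_RECORD is the abbreviated record shown above.
SAMPLE_SIG = "v=1; a=rsa-sha256; d=example.com; s=mail2024; h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER"
PAGE_RECORD = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN;"
```

Run on PAGE_RECORD, check_record reports the key as truncated, which is the same symptom a real record shows when a long key is cut off while being pasted into a DNS panel.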
DKIM check or DKIM test
A DKIM check or DKIM test is performed to verify that everything is set up correctly. Our favorite way to check DKIM records, DKIM signature and SPF records is through https://www.mail-tester.com/. This is where you send an e-mail and then you see the score. They do this by checking the signature in the header of your e-mail. If your e-mail does not get a 10/10 score you will clearly see why not so you can improve your score.
There are other ways to check your DKIM record, but then you are often just checking that the DKIM DNS records exist and not whether your mail server is actually signing your emails with DKIM and whether the DKIM signature is correct.
DKIM record is automatically created at Site.eu
Thanks for reading this article. Now that you know all there is to know about DKIM, make sure your website is ready for prime time by registering your domain name at Site.eu. We'll make sure DKIM is set up correctly automatically, so you can focus on what you do best - running your business!