What is DKIM and how does it work?

Modified on Thu, 06 Jun 2024 at 01:09 PM

DKIM (DomainKeys Identified Mail) is a signature any sender can apply to their email messages. This signature makes clear that the message’s sender is actually the message’s sender and not a bad actor. You can use any domain as the signature. For example, a company called “Red Bananas” will sign their messages with the “redbananas.com” domain to confirm that the message was sent by “Red Bananas”.

This is accomplished by inserting a hidden, cryptographic signature into your email header (SpinOffice will do this) and then placing a public key on your website’s DNS that verifies the authenticity of this signature.

Essentially, when you set up a DKIM, you’re telling internet service providers (ISPs) that you are sending mail from an authorized system and that it is not spam or spoofing. Like other email authentication methods, DKIM lets senders associate a specific domain with their email messages. Records published on the DNS vouch for an email’s authenticity.


However, DKIM has a unique way of doing this with an encrypted digital signature:

  • A public key published on the DNS txt record.
  • A private key included in the email header. That private key is the encrypted digital signature, which should be unique to the sender and match what’s published on the DNS.

When the two DKIM keys match, mailbox providers verify the identity of the sender and the message goes through to the inbox. If the key pair does not match, or if there is no DKIM signature detected by the email provider, it’s more likely that the email will be rejected or filtered into the spam folder. 

DKIM itself does not filter emails. However, it helps the receiving mail servers decide how to best filter incoming messages. A successful DKIM verification often means a reduced spam score for a message. That’s why setting up DKIM authentication is so important for email deliverability.

DKIM will help prevent spoofing and phishing of your domain, and an added benefit is that it allows Mailbox Providers such as Gmail, Microsoft, Yahoo, and AOL to track the email reputation of your sending domain.

With SpinOffice, we already offer SPF authentication. But since today, we also offer DKIM. Therefore, we highly recommends all customers to set up both for their sending domains.

How to implement DKIM for SpinOffice?

To set up DKIM with SpinOffice, you need to add two CNAME records in the DNS settings of your domain. Follow the How to set up Email Domain Authentication (SPF and DKIM) instructions to perform this. DKIM is instantly applicable for SpinOffice.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article