Ensure You’re Using a Valid DKIM Record
The validity of your DKIM record is important during your email authentication and DMARC compliance journey. DMARC is built on two pillars: SPF and DKIM. If one of them is missing and the other fails, your DMARC fails immediately, and all the protection you set up with all the records vanishes.
DKIM (DomainKeys Identified Mail) protects email senders and recipients from malicious or forged emails by placing a digital signature that can only be decrypted by a specific private key.
This ensures that the original email hasn’t been modified in transit and comes from the sender it claims to be from. This provides a layer of protection from email spoofing, phishing, and other malicious email scams.
EasyDMARC’s DKIM Record Generator is an easy-to-use tool that helps you obtain a valid DKIM record in a few clicks. It’s as helpful at creating a DKIM record from scratch as it is for updating it if you already have one. With the generated DKIM record at hand, you’re free to implement it in your system for an added layer of protection on the way to full email authentication.
Frequently Asked Questions
What Is DKIM?
DomainKeys Identified Mail, or DKIM, is an email authentication method that uses a pair of public-private DKIM keys to cryptographically ‘sign’ all outgoing emails. It protects email senders from phishing, spam, and spoofing by allowing recipient servers to verify the authenticity of the senders’ emails. Read more about DKIM specifications here.
How Does DKIM Work?
DKIM uses a pair of cryptographic keys, one private and one public, to verify messages. A private DKIM key adds an encrypted signature header to all outgoing messages sent from your email domain. A matching public DKIM key is added to your email domain's Domain Name System (DNS) via a DKIM record. Email recipient servers then retrieve the public key from your DKIM record to decrypt the message signature, validate the message’s origin, and verify that it wasn’t changed in transit. Generally, DKIM detects forged header fields and content in emails. Learn more about how a DKIM record works here.
How Do I Generate a DKIM Record?
You can generate a DKIM record for your email sending domain(s) quickly and easily with EasyDMARC’s DKIM Record Generator tool. Be sure to create DKIM records for all the sending domains authorized to send mail on your organization’s behalf. If you’re using a third-party email service provider (ESP) like MailChimp, Google, Microsoft365, etc., you must go to your ESP portal and obtain your DKIM key. ESPs store their private DKIM key in their servers and provide a public DKIM key to be stored on users’ DNS zones.
How Do I Use EasyDMARC’s DKIM Record Generator?
It’s easy! Our DKIM generator platform allows you to create a DKIM record and DKIM keys in just a few clicks. In the fields provided, specify your domain name, DKIM “selector” name, and the key length:
- Name the selector something you can identify easily in the future.
- Enter your domain name; this should match the visible “From” address domain.
- Specify the key length. We support 1024, 2048, and 4096-bit length keys.
- Once the DKIM record is generated, store the private key in your mail server configuration (as a .pem file), and implement the public key in your DNS zone.
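As an added example (not EasyDMARC's code), the Python below checks the value of a DKIM TXT record after the steps above: it parses the tags, decodes the p= public key and measures the RSA modulus. The function names and the sample record builder are constructed for illustration, and the 1024-bit floor is an assumption taken from the smallest key length listed above.

```python
import base64

def _tlv(buf, pos):
    """Read one DER element at pos: return (tag, value bytes, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    _, outer, _ = _tlv(spki, 0)         # outer SEQUENCE
    _, _, pos = _tlv(outer, 0)          # AlgorithmIdentifier (skipped)
    _, bitstr, _ = _tlv(outer, pos)     # BIT STRING wrapping the RSA key
    _, rsa_key, _ = _tlv(bitstr, 1)     # byte 0 is the unused-bits count
    _, modulus, _ = _tlv(rsa_key, 0)    # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(txt):
    """Return a list of problems found in a DKIM TXT record value."""
    parts = (p.partition("=") for p in txt.split(";"))
    tags = {k.strip(): "".join(v.split()) for k, _, v in parts}
    problems = [] if tags.get("v", "DKIM1") == "DKIM1" else ["v= must be DKIM1"]
    if tags.get("k", "rsa") != "rsa":
        return problems + ["only k=rsa is checked here"]
    if not tags.get("p"):
        return problems + ["p= is empty or missing: no usable public key"]
    try:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return problems + ["p= is not a base64 DER RSA public key"]
    short = f"{bits}-bit key is shorter than 1024 bits"
    return problems + ([short] if bits < 1024 else [])

def _der(tag, body):  # DER encoder, used only to build the constructed sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + body

def sample_record(bits):
    """Constructed record: modulus of the given length, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))
    alg = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    print(check_dkim_record(sample_record(512)))
```

To check a live record, pass the TXT value published at `<selector>._domainkey.<domain>` to `check_dkim_record`, joining the quoted strings first if your DNS provider split the value.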
How Do I Generate a DKIM Key Pair?
You can use EasyDMARC’s DKIM Record Generator to generate DKIM keys for your own dedicated email servers. As DKIM works with private and public keys, there are multiple use cases for DKIM implementation:
- If you’re using a third-party ESP (Google, Microsoft365, Mailchimp, etc.), public DKIM keys are obtained from their portals. ESPs won't share their private keys for privacy and security reasons.
- For dedicated servers, EasyDMARC's DKIM Generator tool is specifically designed to make the process quick and easy. Once generated, you’ll need to securely store the private key in your own server while implementing the public key in your DNS.
Do I Need To Generate a DKIM Record if I’m Using a Third-Party ESP?
No. This is a common misconception. You only need to generate a DKIM record for your own dedicated mail servers. Third-party ESPs, such as Google Workspace, Microsoft, Mailchimp, etc., already store a private DKIM key in their own mail server configurations and provide only public signatures for their users. You need to get the public signature or key from your given ESP portal, implement it in your DNS, and later turn on the “Activation” for DKIM within your ESP portal.