Are you tired of seeing your emails end up in the spam folder? Want to protect your business from phishing attacks? Then you need to know about DKIM!

Mailbox providers such as Gmail and Outlook.com treat DKIM (DomainKeys Identified Mail) as one of the main signals for deciding whether to trust a message, so signing your mail improves deliverability and makes your domain much harder to impersonate in phishing campaigns. It really can be that easy: with a few simple steps, you can keep your emails out of the spam folder and protect your business from a growing class of cyber threats.

Let’s get started!

What Is DKIM?

DKIM (DomainKeys Identified Mail) is a method of authenticating email with a cryptographic signature. The sending domain signs each message, and the receiving mail server can check that the message was really signed by the domain named in the signature, and that the signed headers and body have not been modified in transit. Tying that signing domain to the From: address the recipient actually sees is the job of DMARC, which builds on DKIM and SPF.

Using DKIM helps to protect against spoofing and phishing attacks, in which attackers try to trick recipients into thinking that an email is from a legitimate source, when it is actually from an unauthorized or malicious source. It also helps to improve email deliverability, by allowing email servers to more easily distinguish legitimate messages from spam or other types of unwanted email.

How Does DKIM Work?

When a domain owner wants to use DKIM, they first generate a private/public key pair and publish the public key in DNS as a TXT record named <selector>._domainkey.<domain>. The selector is a label the owner chooses, so that several keys can be published at once and rotated without downtime. The private key stays on the mail server and is used to create a digital signature, which is added to each outgoing message as a DKIM-Signature header.

The signature is not an encrypted copy of the message but a digital signature (normally RSA-SHA256, or Ed25519-SHA256 in newer deployments) computed over a hash of selected headers and of the body. The DKIM-Signature header carries, as tags, which domain signed (d=), which selector to look up (s=), which headers were signed (h=), the canonicalization rules used (c=), a base64 hash of the body (bh=), and the signature itself (b=). Because the hash covers the exact signed content, the signature is unique to each message; whether the sender, recipient and date are covered depends on which headers the signer lists in h= (From: must always be included).

When a mail server receives a message with a DKIM-Signature header, it reads d= and s=, fetches the public key from the TXT record at <selector>._domainkey.<domain>, recomputes the body hash and the header hash over the message as received, and verifies the signature in b= against that public key. There is no decryption step: verification succeeds only if the signature was produced by the matching private key over exactly this content. If it succeeds, the message is considered authentic for the domain in d=.

If the signature is invalid or cannot be verified, the message may have been modified in transit, or it may not come from the domain it claims. What the receiver does about it is a policy decision: DKIM itself only reports pass or fail, and the domain's DMARC record, if one is published, tells receivers whether to quarantine or reject unauthenticated mail. One caveat worth knowing: a DKIM failure is not always forgery. Mailing lists and some forwarders rewrite subjects or append footers, which breaks the signature of an otherwise legitimate message.
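The steps above, as an added example that is not code from the original article: it parses a DKIM-Signature header, works out the DNS name where the verifier fetches the public key, and recomputes the body hash (bh=) exactly as a verifier does, with both canonicalization modes. It uses only the Python standard library, so it stops short of checking the b= tag, which needs the public key from DNS and an RSA or Ed25519 implementation. The domain (example.com), selector (mail2024), addresses and message text are made up for the example.

```python
"""Added example (not from the original article): DKIM-Signature parsing,
DNS key lookup name, and body-hash (bh=) recomputation. Standard library only;
the b= signature check itself is out of scope here."""
import base64
import hashlib
import re


def parse_dkim_signature(value: str) -> dict:
    """Split 'tag=value; tag=value' into a dict. Whitespace inside the b= and
    bh= values (left over from header folding) is dropped, as RFC 6376 allows."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, val = part.split("=", 1)
        name, val = name.strip(), val.strip()
        if name in ("b", "bh"):
            val = re.sub(r"\s+", "", val)
        tags[name] = val
    return tags


def dns_query_name(tags: dict) -> str:
    """Verifiers fetch the public key TXT record at <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def canonicalize_body(body: str, method: str = "simple") -> bytes:
    """Body canonicalization (RFC 6376 section 3.4). 'simple' only drops empty
    lines at the end; 'relaxed' also strips trailing whitespace on each line and
    collapses runs of spaces/tabs to one space, so harmless whitespace changes
    made by a relay do not break the signature."""
    if method not in ("simple", "relaxed"):
        raise ValueError(f"unknown body canonicalization: {method!r}")
    lines = body.split("\r\n")
    if method == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t")) for line in lines]
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        # An empty body hashes as a single CRLF (simple) or as nothing (relaxed).
        return b"\r\n" if method == "simple" else b""
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")


def body_hash(body: str, method: str = "simple") -> str:
    """Base64 SHA-256 of the canonicalized body, i.e. the bh= tag value."""
    digest = hashlib.sha256(canonicalize_body(body, method)).digest()
    return base64.b64encode(digest).decode("ascii")


def split_message(raw: str):
    """Separate the header block from the body at the first empty line."""
    head, _, body = raw.partition("\r\n\r\n")
    return head, body


def get_header(head: str, name: str) -> str:
    """Return the unfolded value of the first header field called `name`."""
    unfolded = re.sub(r"\r\n[ \t]+", " ", head)
    for line in unfolded.split("\r\n"):
        if line.lower().startswith(name.lower() + ":"):
            return line.split(":", 1)[1].strip()
    raise KeyError(name)


def check_body_hash(raw: str) -> bool:
    """Recompute bh= over the received body and compare with the signed value.
    False means the body changed after signing (or the signer is broken).
    The l= body-length tag is refused: it lets content be appended after the
    signed portion, which RFC 6376 itself warns against."""
    head, body = split_message(raw)
    tags = parse_dkim_signature(get_header(head, "DKIM-Signature"))
    if tags.get("a") not in ("rsa-sha256", "ed25519-sha256"):
        raise ValueError(f"refusing weak or unknown algorithm {tags.get('a')!r}")
    if "l" in tags:
        raise ValueError("l= tag present; refusing partial body hashing")
    canon = tags.get("c", "simple/simple")
    body_canon = canon.split("/", 1)[1] if "/" in canon else "simple"
    return body_hash(body, body_canon) == tags["bh"]


# Constructed sample. bh= is computed here so the example is self-consistent;
# b= is a placeholder because producing it needs the private key and an RSA library.
SAMPLE_BODY = "Hello,\r\n\r\nYour invoice is attached.  \r\n\r\n\r\n"


def build_sample(body: str) -> str:
    sig = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2024;\r\n"
           " h=from:to:subject:date; bh=" + body_hash(body, "relaxed") + ";\r\n"
           " b=PLACEHOLDER")
    return ("DKIM-Signature: " + sig + "\r\n"
            "From: billing@example.com\r\nTo: alice@example.net\r\n"
            "Subject: Invoice\r\nDate: Mon, 01 Jan 2024 00:00:00 +0000\r\n\r\n" + body)


if __name__ == "__main__":
    msg = build_sample(SAMPLE_BODY)
    tags = parse_dkim_signature(get_header(split_message(msg)[0], "DKIM-Signature"))
    print("public key record:", dns_query_name(tags))
    print("body hash matches:", check_body_hash(msg))
    # Alter the body after signing: the recomputed hash no longer matches.
    print("after tampering:  ", check_body_hash(msg.replace("attached", "overdue")))
```

Relaxed canonicalization is why the trailing spaces and blank lines in the sample body do not matter, while changing a single word does. A full verifier would additionally canonicalize the headers listed in h=, append the DKIM-Signature header itself with an empty b=, hash that, and verify b= against the key fetched from DNS.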

Why Do Your Emails Need DKIM?

Email security is vital for protecting the confidentiality, integrity, and availability of email communication. It is essential for businesses, organizations, and individuals who rely on email as a primary means of communication, as email is often used to transmit sensitive information, such as financial data, personal information, and confidential documents.

There are two main problems with email: reliable delivery of outgoing mail, and the threat of phishing in incoming mail. According to Statista, a leading market and consumer data provider, of the 336.41 billion emails sent in July 2021, almost 283 billion were spam.

Phishing attacks can trick recipients into disclosing sensitive information or downloading malware. These attacks often rely on spoofing the sender’s address or domain, so the email appears to be from a trusted source. The Anti-Phishing Working Group (APWG), an international coalition of counter-cybercrime responders and forensic investigators, concluded that the third quarter of 2022 was the worst quarter for phishing that APWG has ever observed. They observed a total of 1.2 million phishing attacks, a new record.

This is where DKIM can help. By allowing email servers to verify an email’s authenticity, DKIM helps protect against spoofing and phishing attacks, making it more difficult for attackers to impersonate legitimate domains.

DKIM helps the recipient verify an email’s origin, reducing the chances of getting marked as spam and increasing email deliverability. Many email servers use various filters and algorithms to identify and block spam and other unwanted emails. Having a valid DKIM signature can help increase the chances that an email will be delivered to the recipient’s inbox.

On the other hand, not using DKIM can have consequences for the security and deliverability of emails. Without a DKIM signature, emails are more vulnerable to spoofing and phishing attacks, and they may be more likely to be marked as spam or blocked by email servers. This can lead to reduced deliverability and a decreased ability to communicate effectively through email.

Setting Up DKIM for Your Domain

To set up DKIM for an email domain, follow these steps:

1. Generate a private/public key pair

The first step in implementing DKIM is to generate a private/public key pair, which will be used to create and verify the DKIM signature. Use RSA with a 2048-bit key: RFC 8301 requires at least 1024 bits and recommends 2048, and every verifier must support 2048. Tools such as OpenSSL and DKIM Core can generate the pair; however, you are far more likely to use an email service such as Google Workspace (Gmail), Microsoft 365 (Outlook) or SimpleLogin, which generates the keys on your behalf.


2. Add the public key to your DNS records

After generating the key pair, publish the public key in your DNS so that receiving servers can retrieve it and verify your signatures. The specific steps depend on your DNS provider, but you will create a new TXT record named <selector>._domainkey.<yourdomain> whose value is v=DKIM1; k=rsa; p=<base64 public key>. The selector is the same label you will configure on the mail server; publishing a second key under a new selector lets you rotate keys without any downtime.


3. Modify your email server’s configuration

Next, configure your email server to add the DKIM signature to outgoing emails. The specific steps depend on the mail server software and version you are using (with Postfix, for example, signing is usually done by a milter such as OpenDKIM), but in general you point it at the private key, the domain and the selector, and restrict the private key file so that only the mail server's user can read it. Refer to your server's documentation for precise steps.

If you didn’t create a key in step 1, and are using an email service, then look for the option to “verify DNS records”. This will configure the required settings automatically and start signing all outgoing emails. 

4. Test and troubleshoot

After completing the above steps, test your DKIM setup to ensure it is working correctly. Send a test email to an address you control at a different provider, and check the headers for an Authentication-Results line reading dkim=pass with header.d= set to your domain. If it fails, the usual culprits are a selector that differs between the server and DNS, a DNS record that has not propagated yet, or a public key pasted with line breaks or stray quotes.
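The four steps as one runnable script, added here as an example and not taken from the original article: it generates a 2048-bit RSA key pair with OpenSSL, prints the DNS record name and value for step 2, and prints the KeyTable and SigningTable lines an OpenDKIM setup would need for step 3. The domain (example.com) and selector (mail2024) are assumed values, as is the choice of OpenDKIM as the signing software; substitute your own.

```shell
#!/bin/sh
# Added example (not from the original article): DKIM key generation and the
# DNS TXT record that verifiers fetch at <selector>._domainkey.<domain>.
set -eu

DOMAIN="example.com"         # assumed: the domain that will appear in d=
SELECTOR="mail2024"          # assumed: any label you pick; it becomes s=
KEYDIR="${KEYDIR:-$(mktemp -d)}"

# Step 1: key pair. RFC 8301 requires at least 1024 bits and recommends 2048,
# which every verifier must support.
gen_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$KEYDIR/$SELECTOR.private" 2>/dev/null
    chmod 600 "$KEYDIR/$SELECTOR.private"   # only the mail server user should read it
    openssl pkey -in "$KEYDIR/$SELECTOR.private" -pubout \
        -out "$KEYDIR/$SELECTOR.public" 2>/dev/null
}

# Step 2: DNS record name and value. p= is the base64 public key with the PEM
# BEGIN/END lines and line breaks removed.
dns_record_name() {
    printf '%s._domainkey.%s' "$SELECTOR" "$DOMAIN"
}

dns_record_value() {
    p=$(grep -v '^-----' "$KEYDIR/$SELECTOR.public" | tr -d '\n')
    printf 'v=DKIM1; k=rsa; p=%s' "$p"
}

# Step 3: what the signing software needs, shown as OpenDKIM KeyTable and
# SigningTable lines (assumed setup; the key name is arbitrary but must match).
signing_config() {
    printf '%s._domainkey.%s %s:%s:%s\n' \
        "$SELECTOR" "$DOMAIN" "$DOMAIN" "$SELECTOR" "$KEYDIR/$SELECTOR.private"
    printf '*@%s %s._domainkey.%s\n' "$DOMAIN" "$SELECTOR" "$DOMAIN"
}

gen_keys
echo "Add this TXT record:  $(dns_record_name)"
echo "With this value:      $(dns_record_value)"
echo "OpenDKIM KeyTable / SigningTable lines:"
signing_config
```

Two things to check when pasting the record: a 2048-bit p= value is longer than the 255-byte limit of a single TXT string, so either your DNS provider splits it for you or you must enter it as several quoted strings that the resolver concatenates; and the selector in the record name must match the one in the signing configuration exactly, or every signature will fail with a key-not-found error. For step 4, query the record with dig TXT mail2024._domainkey.example.com (substituting your own values) before sending the test message.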

How To Verify The DKIM Signature Of An Email 

Once you have configured the DNS records, verifying that everything is working correctly is a good idea. You can do this by following the steps given below:

  1. Send an email from your mailbox using the custom domain to a different address.
  2. Open the recipient’s mailbox, click on the menu icon, and look for the option to view the original message. On Gmail, this option is called “Show original”. However, in other email clients this can be called “View raw message”, or “Show email headers”.
  3. Once you open the raw message, look for the line starting with “DKIM-Signature” to confirm that the message was signed with your domain (d=) and selector (s=), then look for the “Authentication-Results” header added by the receiving server, which should contain dkim=pass. Gmail also provides a handy summary table at the top of the “Show original” view that tells you whether your message passed the DKIM check.

Conclusion

DKIM is an essential email security feature already being used by 20,420 businesses to reduce the chances of email spoofing and phishing. We encourage you to configure DKIM on your email server, and to pair it with SPF and a DMARC policy, because DKIM on its own only proves who signed a message and says nothing about what receivers should do when a signature is missing. Together they give you the additional security and decrease the chances of getting marked as spam.

If you are looking for a simple yet powerful dashboard to configure your servers, then try RunCloud, which provides an easy and convenient way to maintain your servers without needing to learn about the intricacies of Linux servers. Start with a free trial today and experience the difference yourself.