DKIM (DomainKeys Identified Mail) is an email authentication protocol used to identify and validate the sender. It relies on a cryptographic signature to prevent falsification and fraudulent use of the sender's domain.

How Does DKIM Work?

DKIM adds a cryptographic signature to the message, and that signature must validate against the key published for the sender's domain. It allows the recipient's mail server to confirm that the message has not been altered in any way and that the sender is who they claim to be.

The process is straightforward: when the message is sent, the sending server computes a unique series of characters (a hash) from the message, signs it with a private key, and adds the result to the message header. The recipient's server retrieves the matching public key from the DNS and uses it to verify the signature and the hash. If they match, this confirms that the message has not been tampered with, and the message is accepted. If not, the message may have been altered or sent by a fraudulent server, and it will be considered spam.

How to Configure DKIM?

The DKIM record is a text (TXT) entry that must be included in the domain's DNS and has a format similar to this: v=DKIM1;k=rsa;p=[characters];

This example shows the parameters common to all records of this type: "v" is the version, "k" is the key algorithm, and "p" is the public key, which is the long series of characters that varies for each domain.

Additionally, a "selector" associated with the domain is needed (for example, selector._domainkey), which helps the recipient's server find the public key. This is why the selector and the domain appear in the message header.

Why Is DKIM Important?

Like other authentication protocols, DKIM adds a layer of security by ensuring that messages have not been forged, which makes it harder for phishing attacks to use that domain. It also helps maintain the sender's reputation and keeps messages from going to spam, because ISPs can confirm their legitimacy.

Since it verifies outgoing messages, multiple keys can be created for the same domain, such as one for the mass email platform and another for internal Gmail emails.