DKIM (DomainKeys Identified Mail) is a mechanism that allows senders to associate a domain name with an e-mail message. In technical terms, DKIM is a technique to authorize a domain to associate its name to an email message through cryptographic authentication. Once you sign an email with DKIM, you add a DKIM signature header and encrypt it. The sending email server is signing the emails with the private key. The recipient can use the DKIM record by performing a DNS query on the domain. There is a public key inside that the recipient uses to confirm the message is legit and verify the sender using the information in the header. The DKIM record is a way to prove emails can be trusted.
DKIM has the following look in your account:
In ClouDNS, you can use it by creating a TXT record.
DKIM provides an encryption key and digital signature that verifies that an email message was not forged or altered. The properly implemented DKIM record will improve the security of your email deliverability significantly. Thanks to the DKIM record, your recipients will have more trust in your domain. There will not be phishing or spoofing attacks on behalf of your domain. That way, your recipients will be safe, and you guarantee the positive reputation of your domain. DKIM record provides security to your domain’s mail server, and you can combine it with other DNS records like DMARC for even better protection. In addition, it is very easy to create it!
To create DKIM, go to your DNS Zone Control Panel, click on "Add new record" and type, as follow:
Points to: DKIM-specific-text
Host: The host is given you by the domain key generator (it may be something._domainkey or only _domainkey)
Points to: DKIM-specific-text (this string here is also given by the DKIM generator)
You can see the example below:
With the SPF record, you can specify precisely which mail servers and IP addresses are allowed to send email messages on behalf of your domain. It helps detect forgery and prevent spam. On the other hand, the DKIM record provides an encryption key and digital signature that confirms that an email message was not forged or modified. It prevents the delivery of harmful emails like spam. It is best if you use both DNS records for complete security and to ensure safe email communication.
It is actually really easy to check your DKIM records. Here is how to do it in several different ways:
You can use this command if you are a Windows, Linux, or macOS user. Type the following to find all TXT records for the specific host, including DKIM records:
nslookup selector._domainkey.domain txt
The Dig command is a perfect option for anyone using Linux or macOS. Simply write the following, and you will view all the available TXT records for the specific host:
dig selector._domainkey.domain txt
The Host command is another great tool that can help you check your DKIM record. Type the following:
host -t txt _domainkey.domain.com
*Make sure to replace "selector" and "domain" with the corresponding DKIM selector and domain you want to check.
ClouDNS provides full support for DKIM records for all our DNS services, including the listed below. Just write to our technical support, if you need any assistance with your DKIM records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.