lemlist and its partners use cookies (or similar technology) to measure and analyse how our platform is used and to show ads based on your interests. By clicking "Accept", you agree to the above. You can change your preferences at any time in the Cookie Settings from the footer. For more info, check our Cookies Policy and Privacy Policy.
Deny
Manage
Accept
Manage cookies
Analytics
We need to measure events on this website. Why? Kinda like counting calories to have a good line.
Advertisement
No boring ads chasing you all over the internet. Interesting and relevant stuff, we promise.
Social
If you’re interested in the content of this website, we would love to stay connected on your social networks.
Done
Deliverability
How to set up DKIM for your domain (2024 Update)
lemlist team
July 25, 2024
|
7 min. read
lemlist team
LAST UPDATED
July 23, 2024
READING TIME
7 min.
Setting up a DKIM record can increase your open rates by 50% or more.
DKIM adds a layer of security to your emails that email service providers love.
This added trust gives your emails superior inbox placement, leading to a higher ROI for your email outreach.
In short, setting up and configuring DKIM is a pivotal factor influencing your email deliverability.
You'll find out why that's the case, plus how-to tutorials on enabling DKIM and verifying DKIM settings.
What is a DKIM signature?
DKIM is an email authentication protocol and digital signature that fights email spoofing.
DKIM signature (DomainKeys Identified Mail) is an email authentication method that assists in detecting forged sender email addresses.
It helps senders associate a domain name with an email message, vouching for its authenticity in the process.
In simple terms, a DKIM key configures an encrypted signature to the header of all your outgoing messages, which email servers later decrypt, thus verifying the message was not changed after it was sent.
Why do you need DKIM?
You need DKIM to ensure that your emails are authentic and secure.
DKIM attaches a digital signature to your outgoing emails, which can be verified by the recipient's email server using a public key published in your DNS records.
This process confirms that the email truly came from your domain and has not been altered during transit.
For cold emailing, DKIM is especially important because it helps build trust with recipients and email providers.
When your emails are authenticated with DKIM, they are less likely to be marked as spam or rejected by email servers.
This increases the chances that your cold emails will reach the recipient's inbox, making your outreach efforts more effective.
How does DKIM authentification work?
Here is how DKIM (DomainKeys Identified Mail) authentication works:
1. Digital Signature Added: The sending mail server generates a unique digital signature for each email, using a private key stored on the server.
2. Signature in Header: This digital signature is inserted into the email's header as a DKIM-Signature field.
3. Public Key Published: The domain owner publishes the corresponding public key in their DNS records, which is accessible to receiving mail servers.
4. Verification by Receiver: The receiving mail server retrieves the public key from the DNS and uses it to decrypt the digital signature in the email's header.
5. Validation: If the decrypted signature matches the content of the received email, it verifies the email's authenticity and integrity, confirming that it hasn’t been altered during transit.
DKIM simplifies key management so that you don't have to rely on third-party certificate authorities.
Essentially, DKIM stores the public key in DNS so that you can manage the public DKIM keys yourself.
How to setup DKIM for your domain
No matter which mail server you use, setting up DKIM works the same.
It involves securely storing a private key and sharing a public key via your domain’s DNS records using a specific format.
Similar to SPF, DKIM requires DNS TXT records.
It’s recommended to rotate your DKIM keys every now and then (some say every quarter) and revoke old keys as part of this rotation.
The process involves adding new keys and removing the old keys from your DNS records.
To make setting DKIM easier for you, we've organized all tutorials into two groups: Google and Microsoft Office.
No matter which email service provider you use, you'll find how-to guides to help you out.
1. How Configure DKIM for Gmail
General set up (all domain providers)
Google with Namecheap
Google with Cloudflare
Google with Bluehost
2. Configure DKIM for Microsoft Office
General set up (all domain providers)
Microsoft with Namecheap
Microsoft with Cloudflare
Microsoft with Bluehost
1. How to set up DKIM for Gmail
Google is a straightforward choice for many.
Luckily for all, Google DKIM setup is a breeze if you have the right tutorial to follow.
We've prepared a few for you, depending on your domain provider.
How to create a DKIM record for all domain providers
To set up Google Workspace DKIM record, you need to get a unique record from Google, and to do that we need to go to Apps -> Google Workspace -> Gmail -> Authenticate email:
Now click "Generate new record" and copy the hostname and TXT record value:
Now you need to:
Go to DNS
Click on "Add new record"
Choose a TXT record
Put DNS hostname in "Name"
Put TXT record from Google in "Value"
DKIM Setup for Google with Namecheap
To set up a DKIM record, you need to get a unique record from Google, and to do that we need to go to Apps -> Google Workspace -> Settings for Gmail -> Authenticate email:
Now click "Generate new record" and copy the hostname and TXT record value:
Log in to Namecheap
Go to Domain list and choose your domain
Go to Advanced DNS
Click on "Add new record"
Choose a TXT record
Put DNS hostname in "Name"
Put TXT record from Google in "Value"
Save it!
Now come back to Google Workspace and click "Start authentication":
DKIM Setup for Google with Cloudflare
To set up a DKIM record, you need to get a unique record from Google, and to do that we need to go to Apps -> Google workspace -> Settings for Gmail -> Authenticate email:
Now click "Generate new record" and copy the hostname and TXT record value:
Log in to Cloudflare
Go to Domain list and choose your domain
Go to Advanced DNS
Click on "Add new record"
Choose a TXT record
Put DNS hostname in "Name"
Put TXT record from Google in "Value"
Save it!
Now come back to Google Workspace and click "Start authentication":
DKIM Setup for Google with Bluehost
To set up a DKIM record, you need to get a unique record from Google, and to do that we need to go to Apps -> Google Workspace -> Settings for Gmail -> Authenticate email:
Now click "Generate new record" and copy the hostname and TXT record value:
Log in to Bluehost
Go to Domain list and choose your domain
Go to Advanced DNS
Click on "Add new record"
Choose a TXT record
Put DNS hostname in "Name"
Put TXT record from Google in "Value"
Save it!
Now come back to Google Workspace and click "Start authentication":
2. How to set up DKIM for Microsoft Office 365
Microsoft Office is your preferred choice? We got you.
DKIM setup, depending on your domain provider, is a bit different than when you're using Google.
Let's crack on.
How to create a DKIM record for all domain providers
In order to set up a DKIM record, you need to get a unique record from Exchange, and to do that we need to go to Home -> Policy -> DKIM.
Select the domain for which you want to enable DKIM and then, for Sign messages for this domain with DKIM signatures, choose Enable. Repeat this step for each custom domain.
Configuring DKIM record for Microsoft Office & Namecheap
To set up a DKIM record, you need to get a unique record from Exchange, and to do that we need to go to Home -> Policy -> DKIM.
Select the domain for which you want to enable DKIM and then, for Sign messages for this domain with DKIM signatures, choose Enable. Repeat this step for each custom domain.
Setting up DKIM Record for Microsoft Office with Cloudflare
To set up a DKIM record, you need to get a unique record from Exchange, and to do that we need to go to Home -> Policy -> DKIM.
Select the domain for which you want to enable DKIM and then, for Sign messages for this domain with DKIM signatures, choose Enable. Repeat this step for each custom domain.
DKIM Record Setup for Microsoft Office with Bluehost
To set up a DKIM record, you need to get a unique record from Exchange, and to do that we need to go to Home -> Policy -> DKIM.
Select the domain for which you want to enable DKIM and then, for Sign messages for this domain with DKIM signatures, choose Enable. Repeat this step for each custom domain.
How to check if I set up DKIM correctly?
To check if you have set up DKIM correctly, follow these steps:
1. Access Your Email Provider's DNS Settings:
Ensure that the DKIM public key has been added to your DNS records. This typically involves creating a TXT record or a CNAME record with your DNS provider.
2. Send a Test Email:
Send a test email from the domain where DKIM has been set up to an external email address, preferably one that you can use for checking headers (like Gmail).
3. Inspect the Email Headers:
In the received test email, view the email headers. This is usually done through the "View Original" or "View Source" option in the email client.
Look for a header field named DKIM-Signature.
4. Check DKIM Validation Result:
In the email headers, search for the Authentication-Results header or something similar, which indicates the result of the DKIM check.
An example of a successful DKIM validation result might look like:
Authentication-Results: mx.google.com; dkim=pass (signature was verified); dkim-domain=example.com;
If the result is pass, it means that DKIM is set up correctly and the signature was validated.
5. Use Online DKIM Validators:
Use these online tools to validate your DKIM setup:
MXToolbox DKIM Record Lookup: This tool helps verify the technical configuration of your DKIM record. You provide your domain name and the DKIM selector (often found in your email provider's settings) to check if the record is properly published in your DNS.
DKIM Core Check Tool: It goes a step further and can inspect the actual DKIM keys used for signing your emails. It can help identify issues with the key itself, such as validity or potential security concerns.
Mail-Tester: This tool takes a more practical approach. You send an email to their test address, and they analyze it for various authentication factors, including DKIM. This allows you to see how your emails are actually treated by receiving mail servers and confirm if DKIM validation is successful.
7. Check DNS Configuration:
Verify that the DKIM public key is correctly published in your DNS records.
You can use various DNS lookup tools or commands like nslookup or dig to ensure the TXT or CNAME record exists and is formatted correctly.
You can also use DMARC reports to check that the messages sent using your domain are correctly authenticated with DKIM and SPF.
A DMARC monitoring service like DMARC Digests will process these reports for you and provide a useful summary of DKIM, SPF, and DMARC results for messages sent from all the mailbox providers you use.
Why SPF, DKIM & DMARC are important for cold emailing?
SPF, DKIM & DMARC are settings to certify that you're the sole owner of your cold email domain.
DKIM (DomainKeys Identified Mail) is essential for cold emailing because it adds a cryptographic signature to your emails, ensuring their authenticity and integrity.
This verification process proves that your emails genuinely come from your claimed domain and have not been tampered with during transit.
By implementing DKIM, you increase trust and credibility with recipients and email providers, significantly improving email deliverability and reducing the likelihood of your messages being marked as spam.
How DKIM protects from spoofing attacks?
Cyber criminals are getting more sophisticated and the volume of emails are constantly rising. Add automation tools and new phishing techniques and you get a rise in spoofing attacks we see recently.
Email spoofing is a common tactic used to deceive recipients into believing that an email comes from a legitimate source when it's a fraudulent attempt to steal sensitive information.
DKIM helps in the fight against email spoofing, working alongside SPF and DMARC to enhance email deliverability and security.
It is an email authentication method designed to detect forged sender addresses in emails.
DKIM uses cryptographic signatures to verify that an email message has not been tampered with and that it truly comes from the claimed domain.
The recipient’s mail server uses the corresponding public key, published in the sender's DNS records, to validate the signature. If the signatures match, it confirms that the email has not been altered and is indeed from the authenticated domain.
In simple words, DKIM adds a digital signature to outgoing emails. This signature is verified by the recipient's email server, ensuring that the claimed domain has indeed sent the email.
Thanks to this added layer of authenticity to emails, it becomes much more difficult to forge the sender's identity.
While DKIM is a potent tool, combining it with other authentication protocols further strengthens email security:
Sender Policy Framework (SPF): SPF allows domain owners to specify authorized email servers for sending emails from their domain. When an email arrives via an authorized server, it's considered legitimate, helping prevent spoofed emails from reaching recipients.
Domain-based Message Authentication, Reporting, and Conformance (DMARC): DMARC works in conjunction with SPF and DKIM, providing instructions to email systems on how to handle emails that fail authentication. It helps organizations protect their brand and makes sure that only genuine emails from approved domains are delivered.
Brand Indicators for Message Identification (BIMI): BIMI enhances brand visibility in email clients by displaying a company's logo next to its emails. This not only verifies the email's authenticity but also reinforces brand trust and email sending reputation.
By implementing DKIM alongside SPF, DMARC, and BIMI, organizations can significantly reduce the risk of email spoofing attacks. Boost email deliverability, and provide recipients with a safer email experience.
Frequently Asked Questions
Can you send emails without DKIM?
Yes, you can send emails without DKIM.
But without DKIM, messages sent from your domain are more likely to be marked as spam. This can damage your domain reputation, trustworthiness, and deliverability.
DKIM helps prevent email spoofing, phishing, and impersonation by verifying that the email was sent by the domain owner and not someone else. So there’s no reason you’d like to send your email without DKIM.
Where is the DKIM signature?
The DKIM signature is in the email header that contains the encrypted hash of the message content and the domain name of the sender. It’s generated by using a private key that is kept secret by the sender, and a public key that is published in the DNS records of the sender’s domain.
How do I check my DKIM and SPF records?
To check your DKIM and SPF records, you can use various online tools or services that can help you test and validate your records. For example, you can use t free deliverability test, which will give you an overview of your technical setup including DKIM and SPF.
What is the difference between DKIM signature and public record?
The DKIM signature and the DKIM public record are two important components of the DKIM authentication system. The DKIM signature is a digital signature added to the email message header by the sending domain, while the DKIM public record is published as a DNS record in the DNS zone for the sending domain.
Key takeaways
Setting up DKIM records helps fight email spoofing and misuse
If you want to have high email deliverability, it's a must to enable DKIM record
☝️ Once you enable DKIM, the job isn't done. You have to set up SPF and MX records next.
Thanks! You've successfully subscribed to lemlist newsletter
Oops! Something went wrong while submitting the form.
Looking to verify leads' email addresses but aren't sure which tool suits your goals and budget? Check out the ultimate review of the Bouncer email verifier and ensure youget the most value for money.
Sending emails to unverified addresses = not reaching your target audience. Here are the best verification tools to ensure you open new business opportunities.
If you send emails to invalid addresses, you can’t get replies and grow your business. In this article, get 5 proven methods to validate an email without reaching out first.
Email warm-up helps establish a good sender reputation, allowing you to send more emails without landing in the spam folder. Essentially, a good email warm-up strategy is essential for cold email success.
Guillaume Moubeche
Jul 25, 2024
You've successfully subscribed to the lemlist newsletter!
Oops! Something went wrong while submitting the form.
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
