How does DKIM Work?

Like SPF, DKIM is an open standard for email authentication that is used for DMARC alignment and exists in the DNS record of the domain, but it is a bit more complicated than SPF.

DKIM gives emails a signature header that is added to the email and secured with a public/private key pair and a certificate. This DKIM signing acts like a watermark for email so that email receivers can verify that the email actually came from the domain it says it does and hasn’t been tampered with.

Each DKIM signature contains all the information needed for an email server to verify that the signature is real, and it is encrypted by a pair of DKIM keys. The originating email server has what is called the “private key,” which can be verified by the receiving mail server or ISP with the other half of the keypair, which is called the “public key.” The public key exists in the DKIM record in your domain’s DNS as a text file.

DKIM is a very useful anti-spam tool and is virtually impossible for the "spammers" to forge. Therefore it gives a better level of confidence in any anti-spam software or processes that your email is genuine.

We Recommend you use this in conjunction with your SPF Record as Authentication for your emails for even Greater Levels of anti-spam Confidence.

Note: DKIM is Enabled by Default on All Shared Hosting Accounts to screen both Incoming and Outgoing Mail but you can change this Setting within cPanel under the "Email" section by clicking the "Authentication" Icon.

Create a DKIM Record on your Domain

• Log in to cPanel
• Choose the Zone Editor Link in Domains Tab than click on the Manage Link for the desired Domain.
• To Update your current DKIM Record search for DKIM1on the Page with Records and click on the Update Link.
• To Add a New DKIM Record click on Add Record, than click Add "TXT" Record.

To Generate DKIM Private and Public Keys you could use this tool which will generate your TXT Record and DKIM Keys.

On the Server-Side you will have to Configure your Mail Server to sign your emails with the Private Key Generated.

Example of how a DKIM Record looks like:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYLXeeJ3COF52ejD/OL3kJ7FMxRIhdtS8/sPUotL1CXWVJ1aj1mpFJuzN8gzeWjdDwzIvqipQkaeuGPFp6nLVoVioeFYl65ncDyxuvn5d17tsTWpSMaULox14kZBuCm/GJnB37LYBp9C5/mnqrGZmvhgWRbpNCMyCLmmlADMMSeeLMAtwzdgkiunH2490cGhpbrD7h1JmvHJUJahsQ5Wf+/ClLZeTIvJZW/3oA6L7XSz9QLnt2BxyhB1u1Ofcoh9CfPFPDr34nvTiWDQKUIGAQgCxRGEXmn1SbbAmdRm2f5kde9TPeZoUWe/Pd7L05linyw3PVOjL8u54yDFRQ0b9QIDAQAB"

Test your DKIM Record with the DKIM Record Checker

Setting up the DKIM Record is an essential part of your Technical Settings. Now test if you have set up your DKIM Record correctly by using the DKIM Record Checker.