What is DKIM?
DKIM (Domain Keys Identified Mail) is one of the mechanisms used to verify the authenticity of an email message and sender and prevent fraud and impersonation. DKIM is a digital signature of an email message that allows the email recipient's servers to verify the authenticity of the sender.
More information can be found here:
Why set up DKIM, why is it so important?
If you care about deliverability in general and the authenticity, credibility of your domain/brand, as well as your security and that of your audience, then adding DKIM entries is mandatory.
By setting up DKIM you will ensure:
the authenticity of the sender (i.e. your sending address) - DKIM helps to verify that the email comes from a genuine sender and has not been tampered with during transmission
protection against phishing - DKIM helps to combat phishing because it makes it easier for mail servers to identify the real senders of emails. This makes it harder for fraudsters to impersonate your brand.
improve email deliverability - emails signed with DKIM are more trustworthy in the eyes of mail servers, which increases the chances of delivery to recipient's inboxes. Without DKIM you can't be sure if your message will be delivered at all, see this article for more information.
protection against modification: DKIM protects against accidental or intentional modification of the message content during transmission, ensuring the integrity of the transmitted information.
support for other technologies: DKIM can be used in conjunction with other anti-spam mechanisms, such as SPF and DMARC, to strengthen the protection and security of emails.
sender reputation: Sending emails using DKIM helps, as with SPF, to maintain the good reputation of the sender's domain, which is important for the long-term reliability and deliverability of emails.
How does DKIM's message verification work?
During the sending process, DKIM 'signs' the email message. When the recipient's mail server receives the message, it checks what DKIM records are assigned to the domain and verifies that there is one that points to the server from which the message was sent.
If the verification is successful, i.e. the signature matches the DKIM record of the domain, the message and the sender are considered authentic.
If such a record does not exist or is not valid, the message may be considered suspicious or may be rejected by the recipient's mail server, depending on the mail server's policy.
How to set up DKIM for emails sent from edrone?
DKIMs are DNS records that you add in your hosting, for the domain you use in the sender address (i.e. the one you enter in edrone in the Sender section), not the shop domain (sometimes these are different).
edrone uses several mail providers (SMTP Providers), so 2 DKIM entries must be set:
1. The first DKIM has a TXT
2. The second record has type CNAME
Both records you generate yourself in our system. This is combined with adding the sender domain to edrone, under Settings → Integration → Sender Domain.
In the article How to add a sending domain and authenticate in edrone, we described how to add a sender domain and generate both DKIM records for it.
You then add such a DKIMs as a new DNS records, type TXT, select the appropriate type (TXT or CNAME, according to the information in the system in the Sender Domain tab), enter the generated host name and value.
Once you have added our new DKIM records, you still need to verify them with the sender domain in edrone (i.e. check that the entry has been added correctly) - verification is also described in the article above.
Some hosts require a dot at the end of the host name, and some even at the end of the value. If after copying and adding the record for edrone, the verification does not pass, try adding the dots and verify the domain again.
If you need help with verification, please contact us at hello@edrone.me
Adding DKIM on some hostings:
How to verify the DKIM has been correctly configured?
You will verify our DKIM yourself in the edrone system, in the Sending Domain section, after selecting the appropriate domain, click on the Verify button.
If the verification is successful, you will receive proper notification and a green 'Verified' label will appear next to the record.
If an error notification appears, this means that the DKIM has not been added correctly. There may be several reasons for this, they are described below.
You can also verify DKIM records at this address: https://dkimcore.org/tools/keycheck.html
In the Selector field, enter the part of the record contained in the Name before "._domainkey", and in the Domain name field, enter your sending domain (the one from your sender address, not your shop domain if they are different). Click Check.
If you receive the message: "This is a valid DKIM key record", then the DKIM has been added correctly.
If you get the message: "This is not a good DKIM key record. You should fix the errors shown in red", this means that the record does not exist or has not been added correctly. You should see below what the specific error is.
Propagation of a record (spreading across the internet) can take up to 48h, so sometimes verification immediately after addition may not be successful, so it is worth waiting and checking the entry again after this time.
The most common causes of unsuccessful verification:
verification too fast (before full propagation)
addition of DKIM to the domain of the shop and not to the domain of the sender
incorrect format/type (other than TXT or CNAME)
attempting to add this record on a different platform than the host
so-called typos/incorrectly copied record
older mail server software that does not support DKIM
*no dot at the end of host name or value - this is only required on some hosts
If your verification has not been successful, and you are not sure what each error means, please contact your hosting provider or us (if it applies to our records) to determine the cause.
Need more help?
If you have any further questions about DKIM records, please do not hesitate to contact us at hello@edrone.me