What is DKIM?
DKIM (Domain Keys Identified Mail) is one of the mechanisms used to verify the authenticity of an email message and sender and prevent fraud and impersonation. DKIM is a digital signature of an email message that allows the email recipient's servers to verify the authenticity of the sender.
More information can be found here:
Why set up DKIM, why is it so important?
If you care about deliverability in general and the authenticity, credibility of your domain/brand, as well as your security and that of your audience, then adding DKIM entries is mandatory.
By setting up DKIM you will ensure:
the authenticity of the sender (i.e. your sending address) - DKIM helps to verify that the email comes from a genuine sender and has not been tampered with during transmission
protection against phishing - DKIM helps to combat phishing because it makes it easier for mail servers to identify the real senders of emails. This makes it harder for fraudsters to impersonate your brand.
improve email deliverability - emails signed with DKIM are more trustworthy in the eyes of mail servers, which increases the chances of delivery to recipient's inboxes. Without DKIM you can't be sure if your message will be delivered at all, see this article for more information.
protection against modification: DKIM protects against accidental or intentional modification of the message content during transmission, ensuring the integrity of the transmitted information.
support for other technologies: DKIM can be used in conjunction with other anti-spam mechanisms, such as SPF and DMARC, to strengthen the protection and security of emails.
sender reputation: Sending emails using DKIM helps, as with SPF, to maintain the good reputation of the sender's domain, which is important for the long-term reliability and deliverability of emails.
How does DKIM's message verification work?
During the sending process, DKIM 'signs' the email message. When the recipient's mail server receives the message, it checks what DKIM records are assigned to the domain and verifies that there is one that points to the server from which the message was sent.
If the verification is successful, i.e. the signature matches the DKIM record of the domain, the message and the sender are considered authentic.
If such a record does not exist or is not valid, the message may be considered suspicious or may be rejected by the recipient's mail server, depending on the mail server's policy.
How to set up DKIM for emails sent from edrone?
DKIMs are DNS records that you add in your hosting, for the domain you use in the sender address (i.e. the one you enter in edrone in the Sender section), not the shop domain (sometimes these are different).
1. The first DKIM has a TXT type and you generate it yourself in our system. This is combined with the addition of the sender domain to edrone, under Settings -> Integration -> Sender Domain.
In this article: Adding and verifying a sender domain, we described how to add a sender domain and generate the first DKIM for it.
Then add a generated DKIM as a new DNS record, TXT type, enter the host name and value.
After adding the new DKIM, you still need to verify the sender domain in edrone (i.e. whether the entry was added correctly) - verification is also described in the article above.
2. The second entry has a CNAME type, you add it as a new separate DNS record and the only thing you change is the domain. Below is a sample with the domain sklep.pl:
NAME/HOST NAME: emaillabs._domainkey.sklep.pl
The second DKIM record also needs to be verified, but you no longer do this directly in our system - for this, contact us at firstname.lastname@example.org, or verify it yourself using tools available on the internet, such as this one: https://dkimcore.org/tools/keycheck.html
Adding DKIM on some hostings:
How to verify the DKIM has been correctly configured?
You will verify the first DKIM yourself in the edrone system, in the Sending Domain section, after selecting the appropriate domain, click on the Verify button.
If the verification is successful, you will receive proper notification and the domain will be marked in green.
If an error notification appears, this means that the DKIM has not been added correctly. There may be several reasons for this, they are described below.
You can verify the second DKIM at this address: https://dkimcore.org/tools/keycheck.html
In the Selector field, enter emaillabs, and in the Domain name field, enter your sending domain (the one from your sender address, not your shop domain if they are different). Click Check.
If you receive the message: "This is a valid DKIM key record", then the DKIM has been added correctly.
If you get the message: "This is not a good DKIM key record. You should fix the errors shown in red", this means that the record does not exist or has not been added correctly. You should see below what the specific error is.
The most common causes of unsuccessful verification:
verification too fast (before full propagation)
addition of DKIM to the domain of the shop and not to the domain of the sender
incorrect format/type (other than TXT or CNAME)
attempting to add this record on a different platform than the host
so-called typos/incorrectly copied record
older mail server software that does not support DKIM
*no dot at the end of host name or value - this is only required on some hosts
If your verification has not been successful, and you are not sure what each error means, please contact your hosting provider or us (if it applies to our records) to determine the cause.
Need more help?
If you have any further questions about DKIM records, please do not hesitate to contact us at email@example.com