How to use DKIM record Quick and Easy

DKIM is an email security method for proving the origin (the sender) of an email. It uses cryptography to sign outgoing emails with a private key, and a DKIM record in DNS that publishes the Public Key for verification.

The DKIM record setup process

There are 3 steps that you should take to set up DKIM for your email server:

1. Generate the DKIM Keys.

For the purpose of creating new DKIM keys, you can use one of the many DKIM key generators that are widely available on the Internet. We will use the first organic result from Google, which is SparkPost.

You will need to add your domain, choose a DomainKey Selector (the name for the key, for example Key001), and choose the key size (1024 or 2048 bits; the more bits, the more secure it is). Then press Create Keys to generate them. You will have the Public DKIM key and the Private DKIM key ready to use.

2. Enter the Public DKIM Key into your DNS name servers.

This step will allow those who will receive emails from you to verify that the emails are actually coming from your domain. They will check the signature and the DKIM Public Key and verify the origin of the email.

The details depend on whether you run your own DNS server or use a cloud DNS provider. The steps will be slightly different, but the concept is the same, so you can still follow along.

Create a DNS TXT record.

There will be a few fields to enter:

Name :

Value : v=DKIM1;p=YourPublicKey

Selector : Key001

Replace Key001 with the name of the DomainKey Selector you have chosen.

Change the part with your actual domain name.

Replace the text after the p= (“YourPublicKey”) with the Public DKIM key you created in the previous step. Do not include “BEGIN PUBLIC KEY” and “END PUBLIC KEY”, only the value.

If you created the DKIM record on your computer, upload it into your DNS as a DNS TXT record.

3. Enter the Private DKIM Key into your Email Server.

With the step before, you made sure that the receivers will be able to verify the DKIM record. Now you need to install it on your email server so it can use it to sign the outgoing emails.

So go to your email server. We are using hMailServer, but on all email servers that support DKIM records, you will have a similar interface and process so you can follow the steps. 

Create a new text file on your computer with the value you generated in step one for the Private Key.

Then go to your domain and press the tab called “DKIM signing”. Inside the tab, press “Enable” and browse your computer for the text file with the Private Key you have just created. Add the Selector, just as you used before. In our case, “Key001”. The names must match!
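
Step 2 as an added Python example (not from the original article or from any key generator): it strips the BEGIN/END lines from a public key, builds the v=DKIM1;p=... value, and splits it into the 255-byte strings that one DNS TXT record allows, which a 2048-bit key needs. The record name layout selector._domainkey.domain comes from RFC 6376; example.com and the placeholder key bytes are constructed and are not a real key.

```python
import base64

def record_name(selector: str, domain: str) -> str:
    """DNS name a receiver queries for the key (RFC 6376 layout)."""
    return f"{selector}._domainkey.{domain}"

def pem_to_txt_value(pem: str) -> str:
    """Drop the BEGIN/END lines and line breaks; return 'v=DKIM1;p=<base64>'."""
    lines = (ln.strip() for ln in pem.splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    if not body:
        raise ValueError("no key material found")
    base64.b64decode(body, validate=True)  # raises if anything but base64 is left
    return f"v=DKIM1;p={body}"

def txt_strings(value: str, limit: int = 255) -> list:
    """A single TXT character-string holds at most 255 bytes; split longer values."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def published_key(strings: list) -> bytes:
    """Receiver side: join the strings, parse the tags, decode the p= value."""
    joined = "".join(strings)
    tags = dict(t.strip().split("=", 1) for t in joined.split(";") if t.strip())
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("not a usable DKIM key record")
    return base64.b64decode(tags["p"], validate=True)

# Constructed stand-in for the generator's output: 294 placeholder bytes (the
# size of a DER-encoded 2048-bit RSA public key). This is NOT a real key.
FAKE_DER = bytes(i % 251 for i in range(294))
B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + "\n".join(B64[i:i + 64] for i in range(0, len(B64), 64))
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    value = pem_to_txt_value(SAMPLE_PEM)
    quoted = " ".join(f'"{s}"' for s in txt_strings(value))
    print(record_name("Key001", "example.com"), "IN TXT", quoted)
```

Many DNS control panels do the splitting for you; the point of the round trip through published_key is that the joined strings must decode back to exactly the key you generated.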

Testing the DKIM record

The easiest way to test it is to send an email from your email server to somebody you know who uses Gmail. The receiver can click the “More” dropdown menu on the right side of the open email and select “Show Original”.

There you should see DKIM: ‘PASS’ with domain (your domain you previously added)
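
The same check done on the raw header instead of by eye, as an added Python example that is not part of the original article: it reads the Authentication-Results header shown under “Show Original” and confirms that a passing DKIM result names your own domain and selector, not just any domain. All sample headers are constructed; example.com, mailer.example.net and the selector s1 are placeholders.

```python
import re

def dkim_results(header: str) -> list:
    """Return one dict per dkim= entry in an Authentication-Results header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)       # undo header folding
    _, _, body = unfolded.partition(":")
    found = []
    for method in body.split(";")[1:]:                   # [0] is the reporting server
        m = re.match(r"\s*dkim=(\w+)", method)
        if not m:
            continue                                     # spf=, dmarc=, ...
        props = dict(re.findall(r"header\.(\w)=(\S+)", method))
        domain = props.get("d") or props.get("i", "").rpartition("@")[2]
        found.append({"result": m.group(1).lower(),
                      "domain": domain.lower(),
                      "selector": props.get("s")})
    return found

def signed_by(header: str, domain: str, selector: str) -> bool:
    """True only if a passing signature names our domain and our selector."""
    return any(r["result"] == "pass"
               and r["domain"] == domain.lower()
               and r["selector"] == selector
               for r in dkim_results(header))

# Constructed sample headers (simple values, no ';' inside comments).
OURS = ("Authentication-Results: mx.google.com;\r\n"
        "       dkim=pass header.i=@example.com header.s=Key001 header.b=AbCd1234;\r\n"
        "       spf=pass smtp.mailfrom=user@example.com")
RELAY = ("Authentication-Results: mx.google.com;\r\n"
         "       dkim=pass header.i=@mailer.example.net header.s=s1 header.b=EfGh5678")
BROKEN = ("Authentication-Results: mx.google.com;\r\n"
          "       dkim=fail header.i=@example.com header.s=Key001 header.b=ZzZz0000")

if __name__ == "__main__":
    for name, hdr in (("ours", OURS), ("relay", RELAY), ("broken", BROKEN)):
        print(name, dkim_results(hdr), signed_by(hdr, "example.com", "Key001"))
```

The RELAY case is the one to watch for: the message shows a DKIM pass, but the signature belongs to another domain, so your own key and record were never exercised.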


That’s it! It wasn’t hard, was it? Now you are using one additional security measure for signing your emails. It could reduce the number of messages lost to the receivers’ spam filters.

What does Extended Validation SSL Certificate mean?

EV SSL is a popular type of SSL Certificate. Extended Validation SSL Certificate provides trust and security to the website. Let’s explain a little bit more about it.

What is an SSL Certificate?

Secure Sockets Layer, or SSL for short, is a standard used for encrypting data exchanged between users’ devices and websites. Additionally, it verifies identity so that users feel more secure. As a result, SSL is a useful security layer mainly for websites that ask for sensitive data from their users. Therefore, it is essential to transfer data without any risk of manipulation or interception.

SSL operates through two separate keys, a public key and a private one. Both of them are necessary to encode and decode the data that is flowing between two systems.

When a user reaches a website with an SSL certificate, there is a transfer of public keys to encrypt the communication between them successfully. Once the server gets a message, it decrypts it with its private key. The answer it returns to the user is also encrypted with the private key. Next, a mirrored process is required on the side of the user.

Typical usage of the SSL certificates is for websites, email, remote login, and so on.

EV SSL Certificate explained.

Extended Validation SSL Certificate, or EV SSL for short, provides a really robust encryption level, along with great security and authentication of the organization’s reliability. However, to receive such a certificate, a globally standardized identity verification process is required. The owner has to demonstrate exclusive rights to manage the domain, prove its legal, operational and physical presence, and show that the entity has authorized the issuance of the certificate.

Typically, companies looking for this certificate handle many constant transactions. Therefore, they need to fully guarantee security for their users and protection for every payment or data transfer. Such companies are banks, financial institutions, big e-commerce enterprises, global brands, government, tech firms, etc.

Other types of SSL certificates

Domain Validation (DV SSL) is simpler to get, and it is also cost-effective. With it, you receive a basic level of encryption and security. The Certificate Authority (CA) will, for example, verify the owner of the registered domain name through email. The CA will check if the email you gave matches the one recorded for the particular domain in the WHOIS record. Then you, as the domain owner, are going to receive a message, and once your reply is accepted, the DV SSL certificate is issued fast. Finally, you are going to receive it as a file that you can install on your website, and you are ready.

Domain Validation SSL certificate is for websites that are not handling sensitive data of their users, for example, portfolios or blogs.

Organization Validation (OV SSL) is pricier than a DV SSL certificate. Also, the process to receive one is more time-consuming because it’s more exhaustive. On the other hand, OV SSL gives a better encryption level, and it securely verifies a company’s integrity and legitimacy. The CA is going to check the company’s information, such as name, telephone number, domain ownership, and physical address, and determine if there is fake data. If the CA finds the company genuine, the OV SSL certificate is going to be issued in a couple of days.

The certificate will simply present the company’s name, city, state, and country where it operates. Typically, larger corporations and government agencies use this type of certificate.

A Multi-domain SSL certificate is a helpful way to get encryption and security for the main domain name and various subject alternative names (SAN) with a single certificate. The security level could even be Extended Validation for every domain you add. It saves time and money, and you can add or remove the SANs you want. Companies with a presence in many locations and international enterprises that own various top-level domain names (TLDs) usually benefit from it.

DNSSEC – Definition

DNSSEC explained.

The Domain Name System Security Extensions, or DNSSEC for short, is an excellent method to improve the security of your domains. It is an advanced DNS feature. When you start applying it, a digital signature (DS) record is going to be attached to each DNS record. That provides a guarantee that the domain name source is authentic.

The main reason for its creation is to keep the users on the Internet safe and protected from any forged DNS data. For example, the address could be misleading or malicious and lead users to an unwanted website rather than the original one they requested.

When you start using DNSSEC, the DNS lookups are going to prove that the source of the website’s DNS is valid with digital signatures. Therefore, some types of attacks could be successfully stopped through its help. That is possible because the browsers will not open the site if the digital signature does not match.

How does it work?

DNSSEC fixes the security problems of DNS, which needs a layer of security on top.

The answer is the authentication method that applies digital signatures with public-key cryptography – DNSSEC. With its help, the owner of a DNS service is able to cryptographically sign the DNS data for their domain name. It is essential to know that we are not speaking about the DNS queries themselves. 

To achieve that, every DNS zone requires a combination of a public and a private key. 

The domain owner uses the private key to sign the information in the zone. 

The public key is visible publicly, and it is placed in the zone.

Each DNS recursive server that wants to review data in the zone will receive this public key and use it to confirm the authenticity of the DNS records. If it successfully authenticates the information, the records are accepted. If not, the DNS recursive server is going to give an error message to the user.

The public key of the authoritative name server also needs to have its authenticity verified. It is confirmed not by the zone’s own private key, but by the authority on top. The root zone does not have anyone on top to sign its key.
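
How the authority on top confirms a child zone’s public key, as an added Python example that is not from the original article: the parent publishes a DS record holding a digest of the child’s DNSKEY, and a resolver recomputes that digest (RFC 4034 wire format, SHA-256) before trusting the key. The zone name and key bytes are constructed placeholders, and no signatures are checked here.

```python
import hashlib
import struct

def wire_name(name: str) -> bytes:
    """Canonical (lower-case) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """16-bit key tag (RFC 4034 Appendix B) that says which key a DS refers to."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner: str, rdata: bytes) -> str:
    """SHA-256 DS digest: hash of the owner name followed by the DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def parent_vouches(ds: dict, owner: str, rdata: bytes) -> bool:
    """Resolver-side check that the child's key is the one the parent listed."""
    return ds["key_tag"] == key_tag(rdata) and ds["digest"] == ds_digest(owner, rdata)

# Constructed data: flags 257 marks a key-signing key, algorithm 15 is Ed25519
# (32-byte keys). The key bytes are placeholders, not real keys.
CHILD_KEY = dnskey_rdata(257, 15, bytes(range(32)))
FORGED_KEY = dnskey_rdata(257, 15, bytes(range(1, 33)))

# What the parent zone publishes for the child, derived from the genuine key.
DS_AT_PARENT = {"key_tag": key_tag(CHILD_KEY),
                "digest": ds_digest("example.com", CHILD_KEY)}

if __name__ == "__main__":
    print("genuine key accepted:", parent_vouches(DS_AT_PARENT, "example.com.", CHILD_KEY))
    print("forged key accepted: ", parent_vouches(DS_AT_PARENT, "example.com.", FORGED_KEY))
```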

What does it protect against?

The foremost aim of DNSSEC is to prevent third parties from falsifying DNS records. By limiting the following situations, it protects the integrity of the domain name.

DNS Cache Poisoning

It is considered a sort of man-in-the-middle attack. The attackers’ goal is to flood a DNS resolver with bogus DNS information. There are cases in which the attacks can progress a lot and establish a fake end result in the cache memory of the resolver. For that reason, the DNS resolver supplies a malicious and fraudulent address to all users that ask for that particular website. Unfortunately, it lasts till the TTL (Time-to-Live) expires.

Fabricated zones

DNSSEC can protect against DNS attacks that abuse the DNS system and supply fabricated results for zones that may not really exist, where criminals profit from the gaps between zones. DNSSEC provides mechanisms that keep these gaps from being used and secure the complete zone.