DKIM is an email security method for proving the origin (the sender) of an email. The sending server uses cryptography to sign outgoing emails with a Private Key, and the DKIM record in DNS publishes the matching Public Key so that receivers can verify the signature.
The DKIM record setup process
There are 3 steps that you should take to set up DKIM for your email server:
1. Generate the DKIM Keys.
For the purpose of creating new DKIM keys, you can use one of the many DKIM key generators that are widely available on the Internet. We will use the first organic result from Google, which is SparkPost.
You will need to add your domain, choose a DomainKey Selector (the name for the key, for example Key001), and pick the key size (1024 or 2048 bits; the more bits, the more secure it is). Then press Create Keys to generate them. You will have the Public DKIM key and the Private DKIM key ready to use.
2. Enter the Public DKIM Key into your DNS name servers.
This step will allow those who will receive emails from you to verify that the emails are actually coming from your domain. They will check the signature and the DKIM Public Key and verify the origin of the email.
The details here depend on whether you run your own DNS server or use a cloud DNS provider. The steps will be slightly different, but the concept is the same, so you can still follow along.
Create a DNS TXT record.
There will be a few fields to enter:
Name : Key001._domainkey.YourDomain.com.
Value : v=DKIM1;p=YourPublicKey
Selector : Key001
Replace Key001 with the name of the DomainKey Selector you have chosen.
Replace the part YourDomain.com. with your actual domain name.
Replace the text after the p= (“YourPublicKey”) with the Public DKIM key you created in the previous step. Do not include the “BEGIN PUBLIC KEY” and “END PUBLIC KEY” lines, only the value between them.
If you created the DKIM record on your computer, upload it into your DNS as a DNS TXT record.
3. Enter the Private DKIM Key into your Email Server.
With the previous step, you made sure that the receivers will be able to verify the DKIM record. Now you need to install the Private Key on your email server so it can use it to sign the outgoing emails.
So go to your email server. We are using hMailServer, but all email servers that support DKIM have a similar interface and process, so you can follow the steps.
Create a new text (TXT) file on your computer containing the Private Key you generated in step one.
Then go to your domain and press the tab called “DKIM signing”. Inside the tab, press “Enable” and browse your computer for the TXT file with the Private Key you have just created. Add the Selector, just as you used before. In our case, “Key001”. The names must match!
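As an added example (not part of the original guide or of any tool it mentions), this Python code builds the Name and Value fields from step 2 out of a PEM public key, splits the value into the 255-byte strings a single DNS TXT string can hold, and checks a value for the mistakes step 2 warns about. The sample key is constructed placeholder data, and all function names are hypothetical.

```python
import base64
import binascii

# Constructed sample: PEM armor around 294 placeholder bytes (the size of a
# 2048-bit RSA public key in DER form). It is NOT a usable key.
_body = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + "\n".join(_body[i:i + 64] for i in range(0, len(_body), 64))
              + "\n-----END PUBLIC KEY-----\n")

def record_name(selector, domain):
    """Name field of the TXT record: <selector>._domainkey.<domain>."""
    return f"{selector}._domainkey.{domain.rstrip('.')}."

def txt_value(pem):
    """Value field: BEGIN/END lines and line breaks removed, as step 2 requires."""
    lines = [ln.strip() for ln in pem.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    base64.b64decode(body, validate=True)  # raises if the body is not clean base64
    return "v=DKIM1;p=" + body

def txt_strings(value, limit=255):
    """Split a value into pieces of at most 255 bytes, one per TXT string."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def check_value(value):
    """Return a list of problems in a DKIM TXT value (empty list: none found)."""
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    problems = []
    if tags.get("v") != "DKIM1":
        problems.append("v= tag missing or not DKIM1")
    p = "".join(tags.get("p", "").split())  # whitespace inside p= is ignored
    if not p:
        problems.append("p= tag missing or empty")
    elif "-----" in p or "BEGIN" in p:
        problems.append("p= still contains the BEGIN/END PUBLIC KEY lines")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

if __name__ == "__main__":
    value = txt_value(SAMPLE_PEM)
    print(record_name("Key001", "YourDomain.com"), txt_strings(value), check_value(value))
```

A 2048-bit key produces a value longer than 255 characters, so some DNS interfaces require it to be entered as the separate quoted strings that txt_strings returns.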
Testing the DKIM record
The easiest way to test it is to send an email from your email server to somebody you know who uses Gmail. The receiver can click the “More” dropdown menu on the right side of the open email and select “Show Original”.
There you should see DKIM: ‘PASS’ with domain YourDomain.com (the domain you previously added).
That’s it! It wasn’t hard, was it? Now you are using one additional security measure that signs your emails so receivers can verify where they came from. It could reduce the number of messages that are lost to the receivers’ spam filters.