DKIM (DomainKeys Identified Mail) is an email authentication standard that lets a sending domain attach a cryptographic signature to every outgoing message. The signature is generated with a private key the sender holds, and recipients verify it against a public key the sender publishes in DNS. If the signature checks out, the receiver knows the message has not been altered in transit and that the sender controls the signing domain.
How DKIM works in practice. When an outgoing email leaves your platform, the mail server hashes selected header fields and the message body, signs the hash with your private key, and adds the result as a DKIM-Signature header. The recipient server fetches your public key from the selector._domainkey.yourdomain.com TXT record, recomputes the hash on the message it received, and compares the two. A mismatch means the message was tampered with or signed with the wrong key.
Why DKIM matters for senders. DKIM is the integrity half of modern email authentication: SPF says where mail may come from, DKIM proves it has not been changed since it left. Gmail, Yahoo and Microsoft now require a valid DKIM signature for bulk senders, and without one your reputation drops, your campaigns land in spam, and DMARC enforcement breaks. Properly signed mail is treated as trustworthy from the first send.
Mailpro and DKIM
DKIM signing, handled for you
Mailpro signs every outgoing email with DKIM out of the box. No DNS configuration, no key rotation to worry about — your reputation is protected from day one.