DKIM (DomainKeys Identified Mail) is an email authentication method that allows senders to digitally sign outgoing messages.

This signature enables mailbox providers to verify that an email was sent by the authorized domain and that the message content was not altered during delivery.

DKIM is a core component of email authentication and plays a central role in improving email deliverability.

Without DKIM, mailbox providers cannot reliably verify message integrity, which increases the risk of spam filtering, phishing detection, and long-term reputation damage.

DKIM signature and public key verification

How DKIM Works

When an email is sent, the sending server adds a cryptographic signature to the message header using a private key.

The corresponding public key is published in the sender’s DNS as a DKIM record.

When the receiving mail server gets the message, it retrieves the public key from DNS and verifies that:

  • The message was signed by the authorized domain
  • The message content was not modified in transit
  • The sending domain matches the signing domain

If the signature is valid, the DKIM check passes.

If the signature is missing, invalid, or misaligned, the message may be filtered, flagged, or rejected.


What Is a DKIM Record?

A DKIM record is a DNS record that contains the public key used to verify DKIM signatures generated by your sending servers.

This record allows mailbox providers to validate the authenticity and integrity of your messages.

A typical DKIM record looks like this:

v=DKIM1; k=rsa; p=MIIBIjANBgkqh...

This record specifies:

  • v=DKIM1: DKIM version
  • k=rsa: Key type
  • p=: Public key used for signature verification

Each sending domain should have a valid DKIM key pair configured and published correctly in DNS.


Why DKIM Matters for Deliverability

Mailbox providers rely heavily on DKIM when evaluating the trustworthiness of incoming messages.

Correct DKIM configuration helps:

  • Protect messages against tampering and modification
  • Build domain reputation over time
  • Support forwarding scenarios without breaking authentication
  • Enable DMARC alignment and enforcement

DKIM is especially valuable because signatures often remain valid even when messages are forwarded through other systems.

For best results, DKIM should always be combined with SPF and DMARC.


Common DKIM Configuration Mistakes

Small DKIM configuration errors can cause authentication failures and delivery problems.

Common issues include:

  • Publishing the wrong public key in DNS
  • Using expired or revoked keys
  • Breaking signatures due to message rewriting
  • Incorrect selector configuration
  • Misalignment between signing domain and “From” domain

DKIM keys should be rotated periodically and verified after any infrastructure or provider change.


Configure DKIM with Mailpro

Mailpro allows you to generate DKIM keys directly from your account and publish them in your domain’s DNS.

Once configured, outgoing messages sent through Mailpro will be automatically signed using your domain’s DKIM signature.

Learn how to configure DKIM in Mailpro ⟶


Related Authentication Topics

DKIM works best as part of a complete authentication strategy:

Mailpro combines authentication support, secure infrastructure, and deliverability best practices to help you protect your domain and keep your emails reaching real people.

Unleash the Power of Professional Email Marketing

Secure, scalable, and built for impact. Join Mailpro™ today and enjoy 500 free credits to send your first campaign.
Start Sending for Free