1. Main page
  2. Help
  3. How to use your personal account
  4. Domains
  5. 2. DKIM: How to configure and why it is necessary

2. DKIM: How to configure and why it is necessary

2. DKIM: How to configure and why it is necessary

DKIM (DomainKeys Identified Mail) is an email authentication standard. It helps ensure that an email was truly sent from your domain and that it arrived to the recipient in its original form, meaning it was not altered by attackers along the way.

The concept is based on cryptography

A pair of cryptographic keys is created: a private key and a public key. The private key can be used to securely encrypt messages, and the public key can be used to decrypt them. The public key is published in the domain’s DNS records, while the private key is securely stored on the mail server. When an email is sent, a digital signature is added to its headers. It is created using a well-known cryptographic algorithm. A string used for signing is generated; it includes the email body and several important headers that contain information such as the sending date, the recipient, and more. This string is encrypted with the private key and added to the message. The receiving side (the recipient’s mail server) can decrypt this signature using the public key published in the DNS records and compare it with the expected value. If the message was altered during transmission, the signature will not match. Also, only an authorized sender possesses the correct private key to create a valid signature. Thus, the recipient’s server can verify that the message is authentic and sent by a legitimate sender. This powerful protection mechanism is not sufficient on its own — you must also configure SPF and DMARC.

How to create a key?

  1. In your sender-solutions.com account, open the desired project or create a new one.
  2. Go to the DKIM keys tab in the sidebar.
  3. You will see a form for creating a new key. It consists of three fields:
    1. Title — a free-text field for your convenience, so you can identify the key later. A single domain may have multiple DKIM keys.
    2. Domain — the domain name from which emails will be sent. Do not include a protocol; enter only the domain name, for example example.com.
    3. Selector — a string that will become part of the domain name (DNS). It may contain only Latin letters (a–z), digits, and hyphens, and cannot begin or end with a hyphen. It is recommended to use a short and clear value, such as dkim2025 or v1.
  4. Click Add

A pair of private and public keys will then be generated. The private key will be securely stored on our server and cannot be downloaded. The public key must be published in the domain’s DNS records. Instructions on how to do this will appear on the key editing page.

Activate the key and use it for sending emails only after the public key has been published in your domain’s DNS records. Make sure the sender-solutions.com system has successfully verified the publication.