Overview of DKIM
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claiming to come from a specific domain was indeed authorized by the owner of that domain. DKIM uses a digital signature, which is added to the email's header and verified by the recipient's mail server using the sender's public key.
Features and Benefits of DKIM
Email Authentication: DKIM helps verify that the email was sent by an authorized mail server, reducing the risk of email spoofing.
Integrity Check: It ensures that the email content has not been altered during transit.
Improved Deliverability: Emails signed with DKIM are less likely to be marked as spam, improving deliverability rates.
Enhanced Security: By preventing email spoofing, DKIM helps protect against phishing attacks and email fraud.
Brand Protection: It helps maintain the sender's reputation by ensuring that only legitimate emails are sent from their domain.
How DKIM Works
DKIM uses asymmetric (public-key) cryptography to sign emails. This means it uses a pair of keys:
A private key to create a unique signature for each outbound email, and
A public key, published in the domain's DNS, which is later used to verify that signature.
Creating a DKIM Signature via Private Key:
A private key resides on the sending mail server. For each outbound email, the server hashes the email's content and signs that hash with the private key, producing a special code (the DKIM signature) that is unique to that email.
Adding the DKIM Signature:
The generated DKIM signature is added to the email's header as a DKIM-Signature field.
Example header fields in a DKIM-signed email:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=simple/simple; d=webnames.ca; s=mail; bh=bM4geswjXk4vOyViSCxnTzo1KW2mpVshmtFpcIqOcK0=; h=Content-Language:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; b=GwCP05tBA6Jv0Q0hsMQng/L95OsYbeLW2jREx5NYA18DY1nJy8OnV8q2ut2EFvXxkMSTextOSK WyePaViZOseux5PC/xvD/gza34Zfkj09A2ILlfpF8lE06+CLPIeYXPlUWzEzAUMyStNzDgGiDEhr4 oCccX27pNpwPr3K9MyLKrlwX1qUEDMyJgHwnTCdLyWqwEX2j0t47TPTDsk2nty+XnEUf88poQOrln dKrSwkPntZpki5Yho29LRvRKa9q6JWKMCxmCUVTY0ULCN6wegoWYQOseoSrrp7U+CPH+vxjNCojMv tTwNbd7g5wgsQp+Ule9GCQEM9fJ586KkIkBtA==
Sending the Email:
The email, now containing the DKIM signature, is sent to the recipient.
Verifying the DKIM Signature via Public Key:
The public key, published in the domain's DNS records, allows the email recipient's server to check this signature and confirm the email's authenticity and integrity. Upon receiving the email, the recipient's mail server retrieves the sender's public key from the sender's domain's DNS records.
Example TXT Record in a sender's DNS:
mail._domainkey.domain.ca. 21600 IN TXT "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3k4A5sEyZVVCMAz7MMXS/IxX+epN0RPPVJpgSYVslzwKwQQCgaIeeemUcWUbWcxi7h6Y9rxpawpoNDd0GnSSjFj4rTtmlygTRveltRgfuEvef/P09Yoihh2XtvxTm0lcBAeLnQrZLrLc2iqRh1kBOACCnnP1c2lG4re9WJoCM2EseRTq0gYTG4CXhUsV7vJCRv0G64Dr" "lnQtgGax1KnZUocqtB4+VHExIjeGgnBmOEU6ugytYdoANCAPPwoXKvhzMkFveCCnDXO3Cw6DGU2ha5fDD5Fr9CQQAv66jMf6NxMOLSWp8948HD9R3e4Idl49YaoVqlWKqFyywQapFQX99wIDAQAB"
The server uses this public key to verify the DKIM signature: the signature yields the hash the sender signed, and the server compares it with a hash it freshly computes over the received email's signed headers and body.
If the hashes match, this confirms that the email has not been altered in transit and was indeed signed on behalf of the claimed sending domain.
This process helps ensure that the email is genuinely from the claimed sender and hasn't been tampered with.
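As an added example (not Webnames' code), the verifier-side steps above in Python: it parses the DKIM-Signature header quoted above, derives the DNS name the public key is fetched from, joins the two strings of the quoted TXT record and decodes its p= key, and recomputes a body hash for comparison with bh=. The RSA signature check itself needs a crypto library and is omitted; the message body and the second header used for the tampering check are constructed.

```python
import base64
import hashlib
import re
# Added example, not Webnames code: verifier-side steps from the text, run on the page's header and TXT record.
PAGE_SIGNATURE = (
    "v=1; a=rsa-sha256; q=dns/txt; c=simple/simple; d=webnames.ca; s=mail; bh=bM4geswjXk4vOyViSCxnTzo1KW2mpVshmtFpcIqOcK0=;"
    " h=Content-Language:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From;"
    " b=GwCP05tBA6Jv0Q0hsMQng/L95OsYbeLW2jREx5NYA18DY1nJy8OnV8q2ut2EFvXxkMSTextOSK"
    " WyePaViZOseux5PC/xvD/gza34Zfkj09A2ILlfpF8lE06+CLPIeYXPlUWzEzAUMyStNzDgGiDEhr4"
    " oCccX27pNpwPr3K9MyLKrlwX1qUEDMyJgHwnTCdLyWqwEX2j0t47TPTDsk2nty+XnEUf88poQOrln"
    " dKrSwkPntZpki5Yho29LRvRKa9q6JWKMCxmCUVTY0ULCN6wegoWYQOseoSrrp7U+CPH+vxjNCojMv"
    " tTwNbd7g5wgsQp+Ule9GCQEM9fJ586KkIkBtA=="
)
# DNS hands back the long TXT record as two quoted strings; a verifier simply concatenates them.
PAGE_TXT_STRINGS = ["v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3k4A5sEyZVVCMAz7MMXS/IxX+epN0RPPVJpgSYVslzwKwQQCgaIeeemUcWUbWcxi7h6Y9rxpawpoNDd0GnSSjFj4rTtmlygTRveltRgfuEvef/P09Yoihh2XtvxTm0lcBAeLnQrZLrLc2iqRh1kBOACCnnP1c2lG4re9WJoCM2EseRTq0gYTG4CXhUsV7vJCRv0G64Dr",
                    "lnQtgGax1KnZUocqtB4+VHExIjeGgnBmOEU6ugytYdoANCAPPwoXKvhzMkFveCCnDXO3Cw6DGU2ha5fDD5Fr9CQQAv66jMf6NxMOLSWp8948HD9R3e4Idl49YaoVqlWKqFyywQapFQX99wIDAQAB"]
def parse_tags(value):
    # tag=value list (RFC 6376 3.2); whitespace is never part of a value, so the folded b= above decodes
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def public_key_der(txt_strings):
    # join the strings, then decode p= (a DER SubjectPublicKeyInfo); an empty p= means the key is revoked
    rec = parse_tags("".join(txt_strings))
    if rec.get("v", "DKIM1") != "DKIM1" or not rec.get("p"):
        raise ValueError("no usable DKIM key in record")
    return base64.b64decode(rec["p"])

def simple_body_hash(body):
    # bh= under "simple" body canonicalization (the c= used above): CRLF line ends, trailing empty lines dropped
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    body = body if body.endswith(b"\r\n") else body + b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def precheck(signature, body):
    # what a verifier settles before the RSA step; any False fails the message outright
    sig = parse_tags(signature)
    return {
        "alg_ok": sig.get("v") == "1" and sig.get("a") == "rsa-sha256",
        "from_signed": "from" in sig.get("h", "").lower().split(":"),  # RFC 6376 requires From in h=
        "body_hash_ok": sig.get("bh") == simple_body_hash(body),
        "sig_bytes": len(base64.b64decode(sig.get("b", ""))),  # 256 for an RSA-2048 signature
        "key_name": f"{sig['s']}._domainkey.{sig['d']}",  # the DNS name the public key is fetched from
    }
```

The body of the original Webnames message is not on the page, so its bh= cannot be reproduced here; the tampering check is run on a constructed body instead.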
Implementing DKIM
Webnames.ca is currently offering DKIM support upon request.
Prerequisites for DKIM
Sender email must be hosted by Webnames.ca
Sender must be able to add a TXT record to their domain's DNS
Since all legitimate sources of email must be signed with the proper DKIM signature, at this time Webnames must be the only source of legitimate email for the sender's domain. No other mail systems/platforms can be in use*.
Process for enabling DKIM
Ensure that all the aforementioned prerequisites are met.
Contact Webnames support staff and make a request to have DKIM enabled on your domain. Be sure to include what that domain is.
As part of the enabling of DKIM, a TXT record will be produced which needs to be applied to your domain's DNS.
If Webnames hosts your DNS, our support staff will add that record to your DNS on your behalf.
If Webnames does not host your DNS, our support team will provide you with the TXT record, which you will then need to have applied through your DNS provider.
Once the TXT record is confirmed to be in place, DKIM will be enabled on the Webnames mail servers.
At this point, DKIM is now enabled on your domain name.
*This limitation is subject to change over time. Technically speaking, in order to allow multiple sources/platforms to all be considered legitimate sources of DKIM-signed email, each mail provider/platform must sign all outbound email using the same private key.