DKIM: Signing Your Email
DKIM, domainkeys identified mail, adds a tamper-proof digital signature to every email you send. The receiving server uses a key published in your DNS to confirm the message genuinely came from your domain and was not altered along the way.
Together with SPF, DKIM is a key ingredient in keeping your email trusted and out of the spam folder.
How the Signature Works
DKIM uses a pair of cryptographic keys. Your mail server holds the private key and signs each message; the matching public key lives in your DNS for anyone to verify against.
- Your server signs the outgoing message with the private key.
- The receiving server reads the signature in the message header.
- It fetches your public key from DNS.
- If the signature matches, the message is confirmed genuine and unmodified.
What You Need to Set Up
Your email provider generates the key pair and gives you a DNS record to publish. Once that record is live, signing happens automatically with no effort from your team.
Frequently Asked Questions
Does DKIM encrypt my email?
No — it signs and verifies messages but does not hide their contents. Encryption in transit is handled separately by TLS.
Can I have more than one DKIM key?
Yes. Each sending service can publish its own DKIM record under a different selector, so multiple keys coexist happily.
If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.