What is DKIM?


    What is DKIM?
    DKIM, which stands for DomainKeys Identified Mail, is an email authentication method that adds digital signatures to email messages.
    It ensures that the email comes from a reliable source and has not been altered or spoofed in transit between the sending and receiving servers.
    A private/public key pair is created for your email.
    The private key is used to sign the email, and the public key is published in the DNS of the domain using a TXT record, a type of DNS entry that contains information for sources outside the domain.
    The DKIM record is used by the recipient’s server to authenticate your email (we will talk more about it later).

    Is the DKIM record important?

    The short answer: yes.
    The core email system was not built with security protocols. Therefore, sending emails that appear to come from legitimate sources (spoofed email) is very easy.
    In spoofed emails, the address shown to the recipient is different from the actual address. For example, the recipient sees the sender as [email protected], but the message really comes from [email protected].
    Because the recipient will not know the actual email sender, this technique is often used in phishing and spam attacks.
    With DKIM, the receiving mail server (ISP) can verify that messages come from specific domains. It becomes very difficult for fraudsters to use your brand to deceive people.
    Email authentication also helps build domain reputation among ISPs and mail servers. Domains with authenticated email will have a higher reputation, which helps keep email from landing in spam folders.

    How DKIM record works

    DKIM processing takes place on two servers: the sending server and the receiving server.
    On the sending server, the body and header of the outgoing email are converted into a hash (a unique text string, also known as a cryptographic digest). The private key is then used to encrypt and digitally sign the hash.
    The receiving server sees that the incoming mail carries a DKIM signature. To authenticate it, the receiving server retrieves the public key from the domain's TXT/DKIM record to decode the signature back to the original hash.
    With the decoded hash in hand, the next task for the recipient’s server is to generate its own hash from the header and the body of the email.
    If the decrypted hash matches the newly generated hash, the email is legitimate and has not been tampered with.
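
    The receiving server's lookup and body-hash steps, as an added example that is not part of the original article: it builds the DNS name of the key record from the signature's `s=` (selector) and `d=` (domain) tags and recomputes the body hash to compare with `bh=`. The domain, selector, message and key placeholders are constructed; only `simple` body canonicalization with SHA-256 is handled, and the RSA check of the signature value itself is left out because it needs a crypto library.

```python
import base64
import hashlib

def parse_tags(value: str) -> dict:
    """Parse a 'tag=value; tag=value' list (DKIM-Signature header or TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            # Simplification: drop all folding whitespace inside the value.
            tags[name.strip()] = "".join(val.split())
    return tags

def key_record_name(sig: dict) -> str:
    """DNS name whose TXT record holds the public key: <s>._domainkey.<d>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def body_hash(body: bytes) -> str:
    """bh= value for 'simple' body canonicalization with SHA-256 (RFC 6376)."""
    while body.endswith(b"\r\n"):      # ignore empty lines at the end of the body
        body = body[:-2]
    return base64.b64encode(hashlib.sha256(body + b"\r\n").digest()).decode()

def verify_body(sig_header: str, body: bytes):
    """Receiver side: return (key record name, True if the body is unmodified)."""
    sig = parse_tags(sig_header)
    body_canon = sig.get("c", "simple/simple").partition("/")[2] or "simple"
    if sig.get("a") != "rsa-sha256" or body_canon != "simple":
        raise ValueError("example handles only rsa-sha256 with simple body canonicalization")
    return key_record_name(sig), sig["bh"] == body_hash(body)

# Constructed sample data: domain, selector, body and key are made up.
BODY = b"Your invoice is attached.\r\n\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=mail2024;\r\n"
       "\th=from:to:subject; bh=" + body_hash(BODY) + "; b=SIGNATURE_PLACEHOLDER")
TXT = "v=DKIM1; k=rsa; p=PUBLIC_KEY_PLACEHOLDER"

if __name__ == "__main__":
    name, ok = verify_body(SIG, BODY)
    print("query TXT at:", name, "->", parse_tags(TXT))
    print("original body matches bh:", ok)
    tampered = BODY.replace(b"invoice", b"refund")
    print("tampered body matches bh:", verify_body(SIG, tampered)[1])
```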

    How to set up DKIM record?

    Setting up a DKIM record may vary depending on the email hosting service. However, in general, the steps are as follows:

    1. Create your own selector

    A domain may have several public keys if it has several mail servers (each mail server has its own private key, which matches only its own public key). The selector is an attribute in the DKIM signature that helps the recipient’s server find the correct public key in the sender’s DNS.

    2. Create a private/public key pair

    You need to use a tool in this step, depending on the operating system. ssh-keygen is a great tool for Linux and Mac users. Meanwhile, Windows users can create key pairs with PuTTY.

    3. Add DKIM Record to Domain

    After obtaining the public key, you need to paste it into the correct location in your DNS records. The steps for this may vary depending on the hosting provider.
    If you use Hostinger and the domain name uses Hostinger’s nameservers, you can easily enable DKIM records as follows:
    1. Go to Mail Service Control.
    2. Turn on the DKIM service (Manage DKIM service), then press the Update button.
    3. Done. You should now see the DKIM record added in the TXT section.
    If you are not using Hostinger’s email hosting service, log into the member area and select the domain name you want. Open the DNS Zone Editor and fill in a TXT (text) record using this format:
    selector-name._domainkey
    For other hosting services, try contacting the hosting provider because every DNS editor is different.

    Epilogue

    Email spoofing is a common problem. To combat it, mail providers need a method to make sure incoming email is from a legitimate source.
    One such email authentication method is the DKIM record.
    We strongly recommend using it to authenticate emails from your domain.
    It will help your domain name be marked as trusted, so your email actually reaches the customer’s inbox.
    So even though setting up DKIM records may seem complicated, the long-term benefits are well worth it!
