DKIM records and keys
Cristian Rat
Last Update 8 months ago
TL;DR;
Think of DKIM as a "stamp of authenticity" on your emails. The private key signs the email, and the public key allows recipients to verify that it’s really from you and hasn't been altered.
DKIM (DomainKeys Identified Mail) is an email authentication method designed to help prevent email spoofing. It lets the recipient verify that the email was actually sent from the domain it claims to be from and hasn't been tampered with during transit.
How DKIM Works (Simplified):
We create a DKIM key pair exclusively for your domain:
- We store the private key securely
- The public key is published in the domain’s DNS records - that's the record you set in your DNS
Signing Emails: When an email is sent, we use the private key to create a unique signature for that email, based on the email’s contents. This signature is added to the email header as a DKIM-Signature field.
Recipient Verifies the Email: When the recipient’s mail server receives the email, it fetches the public key from the sender’s DNS records and uses it to verify the signature. If the signature matches the contents of the email, the server knows:
- The email is indeed from the claimed sender (domain).
- The email wasn’t altered after being sent.
- Prevents Email Forgery: DKIM makes it much harder for spammers or attackers to send fake emails pretending to be from your domain.
- Improves Email Deliverability: Many email providers trust DKIM-signed emails more, so your legitimate emails are less likely to end up in spam folders.
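The verification step described above, as an added example (not code from this page or from any mail provider). It goes one level deeper than the simplified description: it parses a DKIM-Signature header, derives the DNS name where the recipient looks up the public key, and checks the body hash (bh=) using the "relaxed" canonicalization from RFC 6376. The domain example.com, the selector mail2024 and the message are constructed placeholders, and the RSA check of the b= value is not included.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (DKIM-Signature header or DNS TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace inside a value (e.g. base64) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def canon_body_relaxed(body):
    """'relaxed' body canonicalization (RFC 6376, section 3.4.4)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body):
    digest = hashlib.sha256(canon_body_relaxed(body)).digest()
    return base64.b64encode(digest).decode()

def key_record_name(sig):
    """DNS TXT name holding the public key: <selector>._domainkey.<domain>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def body_unaltered(sig_header, body):
    """True if the received body still matches the signed bh= value.
    A full verifier must also check b= with the public key, since that
    signature is what binds bh= and the headers to the sending domain."""
    return parse_tags(sig_header)["bh"] == body_hash(body)

# Constructed sample: what the sender signed (b= is a placeholder, not a real signature).
SENT_BODY = b"Hello  Bob,\r\nInvoice attached. \r\n\r\n"
SIG_HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2024; "
              f"h=from:to:subject; bh={body_hash(SENT_BODY)}; b=<signature placeholder>")

if __name__ == "__main__":
    sig = parse_tags(SIG_HEADER)
    print("public key TXT record:", key_record_name(sig))
    print("body intact:  ", body_unaltered(SIG_HEADER, SENT_BODY))
    tampered = SENT_BODY.replace(b"Invoice", b"Payment link")
    print("body tampered:", body_unaltered(SIG_HEADER, tampered))
```

Whitespace-only changes made by relaying servers still pass under relaxed canonicalization, while any change to the visible text changes the hash and fails the check.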