Email is the primary communication channel for businesses. However, thanks to scammers, emails aren’t 100% secure. That’s why you need DKIM (DomainKeys Identified Mail) for the verification of the sender’s identity.
What is DKIM?
DomainKeys Identified Mail (DKIM) is a security standard protocol that verifies the email sender’s identity and ensures that the email has not been tampered with during transit.
DKIM adds a unique cryptographic signature to outgoing emails. This signature is generated using a private key held by the sender domain. It can be verified by anyone with access to the corresponding public key, which is published in the domain's DNS records.
Importance of DKIM
When the email reaches its destination, the recipient's email server can use the public key published in the DNS records of the sender's domain to verify the signature. If the signature is valid, it means that the email is indeed from the claimed sender and hasn't been altered during transit.
DKIM combats email fraud and scammers by confirming the authenticity of the sender. It reduces the likelihood of phishing attacks.
Emails with valid DKIM signatures are more likely to pass through spam filters deployed by ESPs, which maintain high deliverability rates. This way, the sender’s emails are less likely to get marked as spam.
DKIM authentication builds trust between senders and recipients. This ensures the recipients that the messages they receive are authentic and they are less likely to report the sender’s email address as spam.
DKIM ensures that the content of an email remains unchanged during transmission. This is crucial for critical communications, such as legal documents or sensitive information, where alterations could have serious consequences.
Senders can stay compliant with internet standards such as the CAN-SPAM Act, and GDPR for data protection with DKIM authentication.
What is DKIM Record?
DKIM record is a CNAME or TXT record in the DNS on your domain. Unlike DNS TXT records, DKIM record names follow this format:
[selector]._domainkey.[domain]
Here, the selector is a unique value provided by the ESP and the domain is your domain or subdomain (for example, domain.com).
The receiving email server looks up the DKIM record in a newly received email for the public key to verify the authenticity of the sender.
How to Add DKIM in CloudFlare?
1. Generate DKIM Record
You can either generate DKIM records manually or if you are using third-party ESPs, you can generate the DKIM public keys from the portals.
For example, you can use DKIM generator tools like EasyDMARC, DMARCLY, or PowerDMARC. Implement the Public Key in your DNS and Private Key in the server.
2. Set Up the DKIM record in CloudFlare
Now that you have the DKIM record, follow these steps:
Log in to your CloudFlare account and navigate to the dashboard.
On the CloudFlare homepage, search the domain and click on it.
Now click on the DNS button. Here, you can create your domain’s DKIM record.
Now, keep the record type CNAME. Fill in the Name (set it to s1._domainkey) and Target field.
Click to save. You are done adding the CloudFlare DKIM record.
In case you want to check the CloudFlare published DKIM record, you can use DKIM record checker tools. However, changes made might need some time to update. So, if you can’t find it, wait for an hour and recheck.