DKIM Analyzer

DKIM stands for DomainKeys Identified Mail. It is an email authentication method that uses digital signatures to verify the authenticity of emails.

There are several advantages of checking DKIM records. Firstly, it discourages fraudsters because in any case, recipient email servers would easily identify their emails as spam or forged emails.

Next, it is an added layer of security for emails and a part of the email sending best practices.

Also, it helps separate the good emails from the bad emails: without DKIM records, even genuine emails can be classified or labeled as spam. That would adversely affect email deliverability and there drastically lower the email marketing ROI.

The sender email server would have generated a public/private key for the digital signature for outgoing emails. When the recipient email notices there’s an email at the doorstep, it will pull out the public key from the DNS. This will be used to see whether the signature was created using the matching private key. If there is a match, the recipient email server is satisfied that the email is authentic.

It also means that the email content has not been altered after the digital signature was placed. The same may extend to attachments.

A DKIM selector is a string in DKIM records directing you to the public key. At the time of creating the DKIM signature, you will be asked to specify the private key to be used. When the recipient server receives the email, it will use the DKIM selector to extract the public key that’s used for authentication.

The most common method to find the DKIM selector is to send an email to yourself. View the email in the form of ‘original message’. In case you don’t see the ‘original message’ option in your email, try ‘full headers’, ‘view mail headers’ ‘show original’ or ‘raw’. Remember, you’re looking for the header of the message, because that’s where the DKIM-signature will be.

Within the DKIM-signature, the selector is mentioned with the “s =” attribute.

Here is a very simplified explanation of how DKIM works. When an email is sent, the sender server attaches a digital signature to the header of the message. Next, the recipient email server extracts this signature. Finally, with the help of public key from the DNS system, the recipient server verifies if the DKIM-signature check returns a valid response.

In a sense, it lets sender domains or organizations provide evidence of authentication, in a way that recipients can verify the evidence and decide if the incoming email is genuine or fraudulent.

Each recipient email server is free to decide how to treat the incoming email whose signatures don’t match. This policy of the recipient email server is called Local Policy, since it does not have to extend to other servers. The Local Policy may decide to reject the incoming email or can quarantine the email.

The results of your email marketing campaigns depend largely upon the various best practices you follow. And one of them is the email data quality of your mailing list. You can check the validity of individual emails using our free email checker tool. If you wish to verify entire mailing lists, you can sign up for a free account and take advantage of free credits.