How to configure DomainKeys DKIM for email authentication and is it still relevant?
Summary
What email marketers say14Marketer opinions
Email marketer from Email Marketing Forum shares that while DomainKeys was a precursor to DKIM, it's now deprecated, and focusing on DKIM and SPF is sufficient.
Marketer from Email Geeks suggests creating a virtual testbed environment with legacy CentOS builds, BIND, and sendmail to test DomainKeys, as modern software doesn't support it.
Email marketer from Reddit says DomainKeys is outdated and has been superseded by DKIM. Focusing on DKIM implementation is the best approach for modern email authentication.
Email marketer from GlockApps says to verify DKIM is to use a DKIM record checker to inspect your DNS settings and ensure your email server is correctly signing messages.
Email marketer from Mailchimp shares that DKIM helps verify the authenticity of emails sent from your domain, improving deliverability. They detail the steps of adding a DKIM record to your domain's DNS settings, emphasizing its role in building trust with email providers.
Email marketer from SendGrid answers that DKIM helps prevent email spoofing and phishing attacks by allowing recipients to verify that an email was indeed sent by the domain it claims to be from. Properly configured DKIM improves email deliverability and sender reputation.
Marketer from Email Geeks explains testing with testing mode before full use and asks about the specific software being used to sign messages with DomainKeys.
Email marketer from AuthSMTP shares that DKIM is used to assert that a message is genuine and hasn't been altered during transit. It is not a guarantee of deliverability but adds authentication.
Marketer from Email Geeks confirms that the provided DNS record format looks correct for DomainKeys, with t=y indicating testing mode.
Marketer from Email Geeks explains that sender adoption of DomainKeys is irrelevant if no receiver is checking it, and most senders simply never turned it off in their MTA.
Email marketer from EasyDMARC details the DKIM setup steps, including generating a public/private key pair, publishing the public key as a DNS TXT record, and configuring the email server to sign outgoing messages with the private key.
Email marketer from SparkPost explains how to set up DKIM by generating a key pair, adding the public key to DNS, and configuring the email infrastructure to sign outgoing messages with the private key. It also covers key rotation best practices.
Email marketer from Proofpoint answers that DKIM is generally preferred over DomainKeys because of its more advanced cryptographic methods and greater adoption across the email ecosystem.
Marketer from Email Geeks clarifies that DomainKeys is deprecated and no longer in use, even by Yahoo!, the originator.
What the experts say4Expert opinions
Expert from Email Geeks says many ESPs layered DKIM on top of existing DomainKeys implementations, but DomainKeys signatures were often failing due to lack of care.
Expert from Email Geeks says DomainKeys is extra processing time and bytes, and not used by recipients, so whatever you do doesn’t matter.
Expert from SpamResource.com explains that DKIM (DomainKeys Identified Mail) is an email authentication system designed to detect email spoofing by providing a mechanism to allow mail receivers to determine whether incoming email from a domain is authorized by that domain's administrators. It is still very relevant and should be used with SPF and DMARC.
Expert from Word to the Wise explains that DomainKeys has been superseded by DKIM and is no longer relevant. Systems that support DKIM generally do not validate DomainKeys, making it unnecessary to configure. Focus efforts on DKIM implementation instead.
What the documentation says4Technical articles
Documentation from OpenDKIM.org details how to configure OpenDKIM, an open-source DKIM implementation, including generating keys, configuring the signing table, and integrating with mail transfer agents (MTAs) like Sendmail or Postfix.
Documentation from Valimail explains DKIM setup involving generating a DKIM key pair, adding the public key to your DNS records as a TXT record, and configuring your email sending server to sign outgoing emails with the private key. It also emphasizes the importance of testing the DKIM configuration to ensure proper implementation.
Documentation from ietf.org details the DomainKeys Identified Mail (DKIM) Signatures specification, explaining how it provides a method for cryptographically signing email messages, permitting a signing domain to claim responsibility for a message and a recipient to verify the signature.
Documentation from Microsoft explains how to use DKIM to sign email sent from your Microsoft 365 custom domain. Signing outbound email messages with DKIM allows receiving email systems to verify that messages sent from your organization's domain are authentic.