Suped

How to manage DKIM keys and domain reputation when aligning domains?

8 Marketer opinions4 Expert opinions5 Technical articles1 Resource

Summary

Managing DKIM keys and domain reputation when aligning domains involves a multifaceted approach, combining technical configurations, monitoring practices, and communication strategies. Experts recommend keeping both old and new DKIM keys active during the transition period, prioritizing IP warm-up for the new domain if double-signing isn't possible, and regularly rotating DKIM keys for security. Domain alignment is crucial for deliverability, and DKIM key size should be at least 2048 bits. DMARC policies help manage authentication failures, and SPF/DKIM should be properly configured. Continuous monitoring using tools like Google Postmaster Tools is essential, alongside verifying DKIM alignment with online tools and setting up DKIM records correctly. Communication of domain changes to end-users and domain separation can further mitigate risks. Finally, regularly checking DKIM records helps ensure proper setup and function.

Key findings

  • DKIM Key Management: Keep both old and new DKIM keys active during the transition, and rotate keys regularly for security.
  • Warm-up Strategy: Prioritize IP warm-up for the new domain to establish a positive sender reputation.
  • Domain Alignment Importance: Ensure proper domain alignment to improve deliverability and build trust with email providers.
  • DMARC Implementation: Implement DMARC policies to manage authentication failures and prevent spoofing.
  • Continuous Monitoring: Actively monitor domain reputation using tools like Google Postmaster Tools.
  • Communication with End-Users: Communicate domain changes to end-users to minimize spam complaints and unsubscribes.
  • Technical Validation: Utilize online tools to verify DKIM alignment and ensure proper record setup.

Key considerations

  • Security Measures: Regularly rotate DKIM keys and implement DMARC policies to enhance email security and prevent spoofing.
  • Reputation Management: Prioritize IP warm-up and continuous monitoring to maintain a positive sender reputation.
  • Technical Compliance: Ensure DKIM signatures are valid and SPF/DKIM records are properly configured.
  • Transparency and Communication: Maintain open communication with end-users to manage expectations and minimize negative impacts.
  • Risk Mitigation: Employ domain separation strategies to isolate reputation risks associated with different email types.

What email marketers say
8Marketer opinions

When aligning domains, it's crucial to manage DKIM keys and domain reputation effectively. Key strategies include ensuring domain alignment for better deliverability, using a DKIM key size of at least 2048 bits, warming up IP addresses with gradually increasing sending volumes, actively monitoring domain reputation using tools like Google Postmaster Tools, verifying DKIM alignment with online tools, setting up DKIM records correctly, communicating domain changes to end-users, and separating email types into subdomains to minimize risks.

Key opinions

  • Domain Alignment: Domain alignment between the 'From' address and DKIM/SPF authentication improves email deliverability by building trust with email providers.
  • DKIM Key Size: Using a DKIM key size of at least 2048 bits enhances security and deliverability.
  • IP Warm-up: Warming up IP addresses gradually after domain alignment helps establish a positive sender reputation.
  • Reputation Monitoring: Actively monitoring domain reputation using tools like Google Postmaster Tools is essential for detecting and addressing deliverability issues.
  • DKIM Verification: Online tools and email testing services can verify DKIM alignment to identify potential problems.
  • DKIM Record Setup: Properly setting up DKIM records with the public key from your email service provider is crucial for authentication.
  • Communication: Communicating domain changes to end-users reduces spam complaints and unsubscribes.
  • Domain Separation: Separating email types into subdomains helps isolate reputation risks.

Key considerations

  • Deliverability Impact: Poor domain alignment and DKIM configuration can negatively impact email deliverability and sender reputation.
  • Warm-up Strategy: Develop a careful IP warm-up strategy to gradually increase sending volumes and establish a positive sender reputation.
  • Tool Utilization: Utilize tools like Google Postmaster Tools, online DKIM checkers, and email testing services to monitor and verify domain alignment.
  • User Experience: Inform end-users about domain changes to manage expectations and minimize negative feedback.
  • Risk Mitigation: Implement domain separation to isolate reputation risks associated with different types of email.
Marketer view

Email marketer from SparkPost shares the importance of actively monitoring your domain reputation after aligning domains. Use tools like Google Postmaster Tools to track metrics like spam complaints, IP reputation, and DKIM/SPF authentication rates.

November 2021 - SparkPost
Marketer view

Email marketer from an email marketing forum suggests communicating domain changes and what this means for the end user. Explaining this reduces the number of spam complaints and unsubscribes that may occur during the IP warm up phase.

November 2021 - Email Marketing Forum
Marketer view

Email marketer from Reddit explains that when changing or aligning domains, you need to warm up your IP addresses. This means starting with low sending volumes and gradually increasing them over time to establish a positive sender reputation.

January 2022 - Reddit
Marketer view

Email marketer from StackOverflow suggests to use online tools or email testing services to verify the DKIM alignment after making changes. These tools can help identify any issues with the DKIM signature or DNS records.

January 2025 - StackOverflow
Marketer view

Email marketer from Mailjet shares the importance of domain alignment for improving email deliverability. Domain alignment ensures that the domain used in the 'From' address matches the domain used for DKIM signing and SPF authentication. This alignment builds trust with email providers and helps prevent emails from being marked as spam.

September 2024 - Mailjet
Marketer view

Email marketer from EasyDMARC shares that the size of the DKIM key can impact deliverability. They recommend using a key size of at least 2048 bits for optimal security and deliverability.

July 2023 - EasyDMARC
Marketer view

Email marketer from MailerQ suggests that different types of emails should come from different subdomains to reduce domain reputation risks. This isolates risk to less important emails.

April 2022 - MailerQ
Marketer view

Email marketer from SendGrid shares the steps for setting up a DKIM record. After aligning domains, create a TXT record in your DNS settings with the DKIM public key provided by your email service provider to authenticate your outgoing emails.

April 2022 - SendGrid

What the experts say
4Expert opinions

When aligning domains, it's important to manage DKIM keys and domain reputation effectively. Experts recommend keeping both old and new DKIM keys active during the transition to maintain reputation and warm up the new domain. If double-signing isn't possible, prioritizing the warm-up process for the new domain is vital. Continuous monitoring using tools like Google Postmaster Tools and Sender Score helps detect and address deliverability issues. When rotating keys, keep the old key published for a period (at least 7 days) to ensure delivery of messages signed with it.

Key opinions

  • DKIM Key Transition: Keeping both old and new DKIM keys active during domain alignment assists in maintaining reputation and warming up the new domain.
  • Warm-up Importance: Prioritize the warm-up process for the new domain, especially when double-signing isn't an option.
  • Continuous Monitoring: Continuous monitoring using tools like Google Postmaster Tools and Sender Score is crucial for detecting and addressing deliverability issues.
  • DKIM Key Rotation: When rotating keys, keep the old key published for a period (at least 7 days) to ensure delivery of messages signed with it.

Key considerations

  • Reputation Management: Carefully manage domain reputation during and after domain alignment to avoid deliverability problems.
  • Warm-up Strategy: Develop a well-planned warm-up strategy to gradually increase sending volume on the new domain.
  • Monitoring Tools: Utilize tools like Google Postmaster Tools and Sender Score to monitor key metrics and address issues promptly.
  • Key Rotation Practices: Implement proper key rotation practices, including keeping the old key published for a sufficient period.
Expert view

Expert from Email Geeks recommends keeping both DKIM keys for a while when aligning domains to assist with the reputation of the existing key and grow the reputation of the new key. They also note the need for a warm-up period.

April 2023 - Email Geeks
Expert view

Expert from Spam Resource explains that after making DKIM changes or aligning domains, continuous monitoring of your domain reputation is crucial. They recommend utilizing tools like Google Postmaster Tools and Sender Score to track metrics such as spam complaints, blocklist status, and overall sender reputation. Early detection of issues allows for prompt corrective actions to maintain deliverability.

April 2021 - Spam Resource
Expert view

Expert from Email Geeks advises to start the warmup process for the new domain if double-signing is not an option.

February 2025 - Email Geeks
Expert view

Expert from Word to the Wise answers that if you rotate your DKIM keys on a schedule, ensure that you continue to publish the old key as well as the new one for a period. This makes sure that any messages signed with the old key have time to be delivered. How long you publish the key for depends on your sending patterns but 7 days minimum should be sufficient.

August 2024 - Word to the Wise

What the documentation says
5Technical articles

Managing DKIM keys and domain reputation when aligning domains involves several crucial steps. Rotating DKIM keys regularly enhances security. Implementing a DMARC policy ensures that receiving mail servers know how to handle messages failing DKIM and SPF checks, leveraging DKIM for authentication. Adhering to DKIM signature specifications (RFC 6376) guarantees valid and properly formatted signatures. Proper configuration of both SPF and DKIM for aligned domains is essential for enhanced deliverability. Checking DKIM records can be achieved via online or command-line tools.

Key findings

  • DKIM Rotation: Regular DKIM key rotation is a security best practice.
  • DMARC Policy: A DMARC policy, in conjunction with DKIM, instructs receiving mail servers on how to handle authentication failures and prevents spoofing.
  • DKIM Signature: Valid and properly formatted DKIM signatures are crucial for passing authentication checks.
  • SPF and DKIM: Correct configuration of SPF and DKIM for aligned domains enhances deliverability and prevents spoofing.
  • Record Checking: DKIM records can be verified using online or command-line tools.

Key considerations

  • Security: Regularly rotating DKIM keys enhances email security.
  • Authentication: Implementing DMARC with DKIM is crucial for robust email authentication.
  • Technical Standards: Adhering to DKIM technical specifications ensures signature validity.
  • Configuration: Properly configure SPF and DKIM to maintain deliverability across aligned domains.
  • Verification: Regularly check DKIM records to ensure correct setup and function.
Technical article

Documentation from DMARC.org explains that a DMARC policy allows domain owners to tell receiving mail servers what to do with messages that fail DKIM and SPF checks. When aligning domains, DMARC leverages DKIM to ensure messages are authenticated, preventing spoofing and phishing attempts.

July 2022 - DMARC.org
Technical article

Documentation from RFC 6376 explains the technical specifications of DKIM signatures. When aligning domains, it's crucial to ensure the DKIM signature is valid and properly formatted to pass authentication checks.

June 2022 - RFC 6376
Technical article

Documentation from Microsoft explains how SPF and DKIM work together. Ensure both SPF and DKIM are properly configured for both the original and aligned domains to enhance deliverability and prevent spoofing.

March 2024 - Microsoft
Technical article

Documentation from AuthSMTP shares that checking your DKIM records can be done through online tools or command line tools such as `dig` or `nslookup`.

April 2022 - AuthSMTP
Technical article

Documentation from Google Workspace Admin Help explains that rotating DKIM keys regularly (every few months) is a security best practice. It involves generating a new key pair, updating the DNS record with the new public key, and then gradually phasing out the old key after ensuring it's no longer in use.

November 2021 - Google Workspace Admin Help

Related resources
1Resource

Try EasyDMARC DKIM Checker | Free DKIM Lookup Tool
Try EasyDMARC DKIM Checker | Free DKIM Lookup Tool

EasyDMARC’s DKIM test tool is the easiest way to check incoming and outgoing emails for tampering-during-transit and intact digital signatures

EasyDMARC

Related questions