
Email Best Practices 101
This email boot camp will help you to increase the ROI of your email operations with 15 proven tactics for boosting email deliverability.
DomainKeys Identified Mail, or DKIM, is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. It is a form of email authentication that allows an organization to claim responsibility for a message in a way that can be validated by the recipient.
Specifically, it uses an approach called “public key cryptography” to verify that an email message was sent from an authorized mail server, in order to detect forgery and to prevent delivery of harmful email like spam. It supplements SMTP, the basic protocol used to send email, because it does not itself include any authentication mechanisms.
It works by adding a digital signature to the headers of an email message. That signature can be validated against a public cryptographic key in the organization’s Domain Name System (DNS) records. In general terms, the process works like this:
A domain owner publishes a cryptographic public key as a specially-formatted TXT record in the domain’s overall DNS records.
When a mail message is sent by an outbound mail server, the server generates and attaches a unique DKIM signature header to the message. This header includes two cryptographic hashes, one of specified headers, and one of the message body (or part of it). The header contains information about how the signature was generated.
When an inbound mail server receives an incoming email, it looks up the sender’s public DKIM key in DNS. The inbound server uses this key to decrypt the signature and compare it against a freshly computed version. If the two values match, the message can be proved to authentic and unaltered in transit.
A DKIM signature is a header added to email messages. The header contains values that allow a receiving mail server to validate the email message by looking up a sender’s DKIM key and using it to verify the encrypted signature. It looks something like this:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sparkpost.com; s=google; h=from:content-transfer-encoding:subject:message-id:date:to:mime-version; bh=ZkwViLQ8B7I9vFIen3+/FXErUuKv33PmCuZAwpemGco=; b=kF31DkXsbP5bMGzOwivNE4fmMKX5W2/Yq0YqXD4Og1fPT6ViqB35uLxLGGhHv2lqXBWwFhODPVPauUXxRYEpMsuisdU5TgYmbwSJYYrFLFj5ZWTZ7VGgg6/nI1hoPWbzDaL9qh
A DKIM signature header packs in a lot of information, as it is intended for automated processing. As you can see in this example, the header contains a list of tag=value parts. Notable tags include “d=” for the signing domain, “b=” for the actual digital signature, and “bh=” for a hash that can be verified by recalculating using the sender’s public key.
Signatures are by definition unique from message to message, but these basic elements will be present in every DKIM signature header.
DKIM, SPF, and DMARC are all standards that enable different aspects of email authentication. They address complementary issues.
If you are a business sending commercial or transactional email, you definitely need to implement one or more forms of email authentication to verify that an email is actually from you or your business. Properly configuring email authentication standards is one of the most important steps you can take to improve your deliverability. However, by itself it only goes so far; SparkPost and other email experts recommend also implementing SPF and DMARC to define a more complete email authentication policy.
Yes. SparkPost implements and adheres to email authentication standards including DKIM. In fact, all email we deliver for our users is required to be authenticated. Configuring it is an important step for verifying sending domains when you set up a new SparkPost account.
SparkPost’s Validator is part of our free email tools for developers. It’s the easiest way to verify your messages have working DKIM signatures.
Learn more about DKIM with these resources from SparkPost’s email experts and elsewhere on the web.
Learn more about how to configure and use DKIM with the SparkPost service in the SparkPost Support Center.
Develop your email industry expertise and master best practices with SparkPost’s email resources.
This email boot camp will help you to increase the ROI of your email operations with 15 proven tactics for boosting email deliverability.
Learn how third-party data shows the deliverability difference between SparkPost and also-ran cloud service providers yields hard, bottom-line benefits.
This practical course is a great way to get started understanding email deliverability and how to measure email performance.
Try SparkPost and see how we deliver far more value than the competition.