Deploying DKIM Authentication in 4 Simple Steps


Table of Contents

DKIM is an emerging e-mail authentication standard supported by Yahoo, Google and others ISPs, as well as a growing number of Email Service Providers like Pinpointe and that was developed by the Internet Engineering Task Force. DKIM allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.  Deploying DKIM for your company is pretty straightforward. If you are managing all of your own email servers and outbound email, including sales, marketing and transactional emails, there are 4 steps.  If you are using an ESP like Pinpointe- there are 2 very simple steps that take about 10 minutes.  Here’s the rundown.

Configuring DKIM (Companies Managing their Own MTAs)

A company needs to take 4 steps to deploy the emerging DomainKeys Identified Mail (DKIM) standard:

Step #1:
Figure out all the domains that are allowed to send outbound mail on its behalf. Often this includes multiple corporate domains as well as third-party e-mail Service Providers (like Pinpointe). This is often the hardest step – especially for large organizations.

Step #2:
Next you’ll use an online wizard to create the DKIM public / private key pairing and the policy record. The ‘public’ key is a key that will be placed in your public-facing DNS record along with what’s called a ‘policy record’.

The ‘private’ key is a long key that is installed on the MTA/Email sending system(s). When you send an email, the outgoing email server (or the outgoing server of your Email Service Provider, such as Pinpointe), adds the

Here are two online wizards you can use to create the public/private key pair and the policy record. You just enter your sending domain and a ‘selector’ – which is kind of like a password key (if you use an ESP – the ESP does all this for you):

Step #3:
Create DNS text records that include DKIM information for every domain that is used to send e-mail. These records will be inserted in your public facing DNS record for each sending domain.  If you don’t know how to insert / modify your DNS entry, you can find a description in our description of setting up an SPF record – the process is pretty much the same:

Step #4:
Upgrade your emails servers and/or software to support DKIM. (Note – In the Email world, Email servers are often called “message transfer agents” or “MTAs”).” MTAs are the last component of a messaging system to touch outbound e-mail. That’s where DKIM signatures are attached.

Steps to Implement DKIM with Pinpointe

If you are using an ESP like Pinpointe, the process is trivial:

Step #1  –   Ensure you have access to your domain’s DNS Entry (see step #2 above)

Step #2 – Call your ESP – Pinpointe. We’ll provide you the key information and policy entries for your DNS entry. We do all the rest.


He does not need any intro. Your know that he will only edit blog posts when it's needed.