Do you offer DKIM signing and support?

Yes - we do offer a function to DKIM sign your emails.

What is DKIM signing?

DKIM (DomainKeys Identified Mail) allows email senders to 'sign' their messages and for recipients to be able to 'verify' that those messages are genuine. It is mainly designed to reduce spoofing/faking of the sender's email addresses or message content - it does not automatically guarantee delivery but it can improve deliverability.

Email messages signed with DKIM would include a 'DKIM-Signature' field in the header - this is essentially a cryptographic signature of various parts of the message. When the recipient's email system receives the message it would decrypt this signature using the sender 'public key' which is published as part of the sender's DNS record.

What parts of the message do you sign?

We DKIM sign the following elements of each message:

  • Header From Address
  • Header To Address
  • Header Reply-To Address
  • Header Subject Line
  • Header Message ID
  • Message Body (including attachments)

IMPORTANT: As per the RFC / DKIM standards it is very important that you only include one of the above in each message. If you include duplicate header fields (i.e. Multiple 'To:' header fields) we will only sign the last one, all others with be ignored and your message may fail DKIM verification upon delivery.

Do you use a shared DKIM key?

No - we issue a unique DKIM key for each domain name so your DKIM reputation cannot be affected by other senders.

Will this affect the email I send from my domain name via other providers or servers?

No - the DKIM key uses an AuthSMTP specific 'selector' and the signing will only apply to messages sent via your AuthSMTP account.

How do I enable DKIM signing on my account?

DKIM is enabled on a per domain basis - to enable DKIM on your domain names please log in to the control panel and go to 'Advanced Config' -> 'DKIM Signing'.

What if I sign the messages myself?

When sending emails via AuthSMTP you can use DKIM-compliant email applications/libraries to pre-sign your email messages before sending them to us. If doing this we recommend you check which parts of your messages need signing and testing fully before using them in a production environment.

Emails sent through AuthSMTP with DKIM signatures already in place will pass through unmodified even if you ask us to DKIM sign the messages.

For more (specific) information on DKIM see the official DKIM Website.

What can go wrong?

The following common issues will prevent your messages from being signed (but not limited to):

  • If we enable DKIM signing on your account and then you DKIM sign the messages yourself before submitting them to us we will not resign them again, they will just pass through unmodified.
  • DKIM-signed messages must be sent using 7-bit encoding, messages sent using 8-bit encoding may be processed incorrectly and result in DKIM verification failure.
  • The individual line lengths in your email content mustn't exceed the length permitted by the RFC standards, the absolute maximum is 998 characters including any line breaks but we would recommend that you keep it under this, if they exceed that limit DKIM will not verify and the message is likely to be filtered or rejected.
  • If for any reason the DKIM key is removed from your domain name's DNS after the initial setup your messages will continue to be signed but will fail DKIM verification, this may result in your messages being rejected or filtered to a spam folder.
  • Our systems have several redundancy features in place that trigger in the event of an outage or extreme spike in mail flow/resource usage, in the event of certain types of issues we may not DKIM sign messages to preserve the flow of email. This is unlikely, but a requirement to maintain service availability.

Is there any other recommendations when sending DKIM-signed messages?

Yes - there are several other best practices when sending DKIM signed messages:

  • Setup an SPF record for your domain name.
  • Setup a DMARC record for your domain name.
  • Ensure that your message content is standards-compliant and does not include anything that may trigger spam filters.

If you have any questions please contact us.