DKIM
DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify that an email was sent by the domain it claims to be from and hasn't been tampered with in transit.
What Is DKIM?
DKIM works by adding a digital signature to the header of every outgoing email. The sending server signs the email with a private key, and the receiving server verifies it using a public key published in the sender's DNS records. This signature covers parts of the email header and body, so any modification during transit will break the signature. DKIM is more robust than SPF because it travels with the email — it works even when emails are forwarded, which is a common scenario that breaks SPF checks.
Why It Matters for Newsletters
DKIM is now considered essential for email authentication. Google and Yahoo require DKIM for bulk senders (over 5,000 emails per day), and it's a key factor in DMARC alignment. Without DKIM, your emails are more likely to be marked as spam, and you can't set up a DMARC policy — which is increasingly required for inbox placement.
Best Practices
- Use a 2048-bit key for stronger security
- Rotate DKIM keys periodically (every 6-12 months)
- Ensure your DKIM signature covers important headers like From, Subject, and Date
- Test your DKIM setup using tools like MXToolbox or mail-tester.com
- Always pair DKIM with SPF and DMARC for full authentication
How Aldus Handles This
Aldus generates DKIM keys automatically when you configure a custom sending domain. You add the provided CNAME records to your DNS, and Aldus handles the signing of every outgoing newsletter. The platform verifies DKIM is working correctly before enabling your custom domain for sending.