DKIM

Also known as: DomainKeys Identified Mail

DKIM puts an invisible tamper-proof signature on every email your business sends, so receiving providers can confirm it really came from you and wasn't altered in transit.

What it is

DKIM stands for DomainKeys Identified Mail. It adds an invisible digital signature to every email your business sends. The receiving mail provider checks that signature against a matching key published in your domain settings. If they match, the provider knows two things: the email genuinely came from your domain, and nobody changed it along the way.

Think of it as a tamper-evident seal on an envelope. SPF says which post offices may send for you; DKIM proves the letter itself is genuine and unopened.

Why it matters to your business

Without DKIM, an email’s content can be forged or quietly altered, and providers have less to go on when deciding whether to trust a message in your name. With it, your email carries proof it’s the real thing.

This directly affects whether your email gets delivered. Gmail and Yahoo now expect business mail to be authenticated and will junk or reject what isn’t. DKIM is also one of the building blocks that lets you turn on full impersonation protection (DMARC). Skip it and you’re easier to fake and more likely to land in spam — both of which cost you sales and trust.

How to tell / what to do

Run your domain through our free checker to see whether DKIM is in place. If it’s missing, setting it up is a configuration step done by whoever manages your email — it’s free, and it’s well worth doing alongside SPF and DMARC. See the DKIM fix guide.

Want to fix this on your own domain? See the free guide →