As email continues to evolve as a major method of communication, ISPs are looking to see if the emails you are sending are actually coming from you. In order to show ISPs that you're a trusted sender, you'll need to set up DKIM and authenticate your email. ISPs reward DKIM-authenticated email with better inboxing, meaning you get better open rates and more conversions because more people will see your message. This article provides an overview of DKIM authentication.
The following user roles have access to modify DKIM authentication in SharpSpring:
What is email authentication?
DKIM (also known as DomainKeys Identified Mail) gives Google, Microsoft and other Internet service providers (ISPs) the information they need to recognize you and your clients as trusted senders. That means more of your emails will get into the inbox instead of promotional or spam folders.
DKIM, at its core, allows mailboxes and recipients to verify that a received message is truly from the domain identified as the sender and has not been altered during its transmission. The verification is done through cryptographic authentication, so that receiving inboxes can confirm that no spoofing has taken place. ISPs are now looking to see if DKIM is in place, and are actively inboxing emails from clients that have it set up, so it's very important that any email sent from SharpSpring has been sent from a domain that is authenticated.
The most common example of how domains can be spoofed is the infamous PayPal phishing scam. A phisher creates an email sending from a “...@paypal.com” address that mirrors the normal look of a PayPal email. Normally, there is some type of fake alert in the email's subject line saying that your account has been compromised and that you need to sign into your PayPal account and provide some personal info. A link is included at the bottom of the email that pushes the recipient to a fake PayPal site where the phisher can collect any data that is shared on the site.
DKIM indicates to the receiving email box that these fake PayPal addresses are not actually from PayPal. From there, the inbox can quarantine the email to spam or bounce it away to protect the recipient from a potential phishing attack. In essence, DKIM is essential for you to protect your domain from people who may be trying to use your domain for nefarious purposes.
How does the authentication work?
When setting up DKIM in SharpSpring, cryptographic keys are created. You, the sender, add the public keys to your DNS settings via CNAME records. When you create an email, the entire email is hashed and then signed into a unique text string using a private key available only to your domain. Then the email is transmitted to its intended destination.
During the email’s journey to its final destination, it may be picked up by various sources. Perhaps the recipient uses a webmail service that pushes the email to their desktop email app, or a recipient receives the email and then forwards it to a colleague. Regardless of where it stops along its transmission path, any email box may query the domain’s DNS to retrieve its public key. The public key you add to your DNS matches only your private key, so the recipient’s email provider can decrypt the DKIM signature back to its original hash string.
Finally, the email provider recreates the hash and checks whether it matches the hash decrypted from the signature with the public key. If the two match, the email passes DKIM verification. This confirms to the provider that the domain in the email is truly owned by the sender and that the message has not been changed in transit. This helps separate you from the spammers and phishers of the world, who don't authenticate their emails.
Let’s illustrate the second point with an example. A phisher receives an email from PayPal and attempts to forward it to a recipient after changing the PayPal link to their fake PayPal website that will attempt to harvest the recipient’s information. Since the message (including the link) is signed by DKIM, when the recipient’s email provider recreates the hash and compares it with the one recovered from the signature using PayPal’s public key, the hashes won’t match, as there has been a change in the email. Conversely, if a recipient receives an email from PayPal and forwards it to a friend without changing anything in the email, DKIM will still pass as the hashes will match.
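The sign-and-verify flow described above, as an added Python sketch (not SharpSpring's code or a production DKIM implementation). The key pair is a constructed textbook-RSA demo key, the `DNS` dictionary stands in for the published record, and `sign`, `verify`, `message_hash` and the sample message are hypothetical names and data; real DKIM hashes a chosen set of headers plus a separate body hash under canonicalization rules.

```python
import hashlib

# Constructed demo key pair: textbook RSA built from two Mersenne primes.
# Illustrative only; real DKIM uses padded 1024/2048-bit RSA or Ed25519.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the sender

# Stand-in for DNS: public key published at <selector>._domainkey.<domain>.
DNS = {"demo._domainkey.example.com": (N, E)}
SIGNED_HEADERS = ("from", "subject")  # headers covered by the signature

def message_hash(headers: dict, body: str) -> int:
    """SHA-256 over the signed headers and the body, as an integer."""
    h = hashlib.sha256()
    for name in SIGNED_HEADERS:
        h.update(f"{name}:{headers[name].strip()}\r\n".encode())
    h.update(body.rstrip("\r\n").encode() + b"\r\n")
    return int.from_bytes(h.digest(), "big")

def sign(headers: dict, body: str, selector: str, domain: str) -> dict:
    """Sender side: sign the hash with the private key, attach the result."""
    sig = pow(message_hash(headers, body), D, N)
    return {**headers, "dkim-signature": f"d={domain}; s={selector}; b={sig:x}"}

def verify(headers: dict, body: str) -> bool:
    """Receiver side: fetch the public key, recover the signed hash, compare."""
    raw = headers.get("dkim-signature", "")
    tags = dict(t.strip().split("=", 1) for t in raw.split(";") if "=" in t)
    key = DNS.get(f"{tags.get('s')}._domainkey.{tags.get('d')}")
    if key is None or "b" not in tags:
        return False  # unsigned mail, or no key published for that selector
    n, e = key
    return pow(int(tags["b"], 16), e, n) == message_hash(headers, body)

# Constructed sample message.
BODY = "Your statement is ready: https://www.example.com/account\r\n"
SIGNED = sign({"from": "billing@example.com", "subject": "Statement"},
              BODY, "demo", "example.com")

if __name__ == "__main__":
    print("forwarded unchanged:", verify(SIGNED, BODY))
    altered = BODY.replace("www.example.com", "www.example.net")
    print("link altered:", verify(SIGNED, altered))
```
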
How do I set up DKIM?
Adoption of DKIM has historically been slow, as it is difficult to integrate, but SharpSpring’s DKIM tool makes it easy to generate keys. All you need to do is add the records generated in the app to your DNS records and your domain can be secured for use.
Setting up DKIM is simple and only takes 5-10 minutes if you have access to your DNS settings (outside of SharpSpring). We have several different help resources available for you to get started. Below is a list of clickable help articles related to DKIM including how-to instructions and videos on setting up DKIM for various popular providers:
- Setting Up DKIM and SPF
- Setting Up DKIM with GoDaddy
- Setting Up DKIM with Namecheap
- Setting Up DKIM with Host Gator
Be sure to check out the help articles we have available. In certain cases, you may have to contact your administrator or IT specialist to get DKIM fully set up and configured.
Currently, nearly every major ISP has some method of email authentication. For more information on what kind of email authentication your ISP provides, contact your ISP.
DKIM by itself is not a surefire way to stop spoofing and completely authenticate an email, but it goes a long way in both ensuring your domain and brand are protected from unauthorized use—as well as bettering your deliverability as email providers can see you’re taking steps to secure your email stream.