|As email continues to evolve as a major method of communication, ISPs are looking to see if the emails you are sending are actually coming from you.
In order to show ISPs that you are a trusted sender, you'll need to set up DomainKeys Identified Mail (DKIM) and authenticate your email. ISPs reward DKIM-authenticated email with better inboxing—meaning you get better open rates and more conversions because more people will see your message.
This article will provide an overview on DKIM authentication.
DKIM gives Google, Microsoft, and other Internet service providers (ISPs) the information they need to recognize you and your clients as trusted senders. That means more of your emails will get into the inbox instead of promotional or spam folders.
DKIM, at its core, allows mailboxes and recipients to verify that a received message is truly from the domain identified as the sender and has not been altered during its transmission. The verification is done through cryptographic authentication to ensure that receiving inboxes can ensure that no spoofing has taken place. ISPs are now looking to see if DKIM is in place, and they are actively inboxing emails from clients that have it set up—so it is very important that any email sent from SharpSpring has been sent from a domain that is authenticated.
The most common example of how domains can be spoofed is the infamous PayPal phishing scam. A phisher creates an email sending from a @paypal.com address that mirrors the normal look of a PayPal email. Normally, there is some type of fake alert in the email's subject line saying that your account has been compromised and that you need to sign into your PayPal account and provide some personal info. A link is included at the bottom of the email that pushes the recipient to a fake PayPal site where the phisher can collect any data that is shared on the site.
DKIM indicates to the receiving email box that these fake PayPal addresses are not actually from PayPal. From there, the inbox can quarantine the email to spam or bounce it away to protect the recipient from a potential phishing attack. In essence, DKIM is essential for you to protect your domain from people who may be trying to use your domain for nefarious purposes.
When setting up DKIM in SharpSpring, cryptographic keys are created. You, the sender, add the public keys to your DNS settings via CNAME records. When you create an email, the entire email is hashed and then signed into a unique text string using a private key available only to your domain. Then the email is transmitted to its intended destination.
During the email’s journey to its final destination, it may be picked up by various sources. Perhaps the recipient uses a webmail service that pushes the email to their desktop email app or a recipient receives the email and then forwards it to a colleague. Regardless of where it stops during its transmission path, any email box may query the domain’s DNS to gather their public key. The public key you add to your DNS is only a match to your private key, so the recipient’s email can decrypt the DKIM signature back to its original hash string.
Finally, the email provider recreates the hash and sees if it matches with the decrypted signature from the public key. If the two match, then email passes DKIM verification. This confirms to the provider that the domain in the email is truly owned from the sender, and that the message has not been changed in transit. This helps separate you from the spammers and phishers of the world who do not authenticate their emails.
As an example, a phisher receives an email from PayPal and attempts to forward it to a recipient after changing the PayPal link to their fake PayPal website that will attempt to harvest the recipient’s information. Since the message (including the link) is signed by DKIM, when the recipient’s email provider creates their own hash using PayPal’s public key, the hashes will not match, as there has been a change in the email. Conversely, if a recipient receives an email from PayPal and forwards it to a friend without changing anything in the email, DKIM will still pass as the hashes will match.
Setting Up DKIM
Adoption of DKIM has historically been slow, as it is difficult to integrate, but SharpSpring’s DKIM tool generates keys. All you need to do is add records generated into the app into your DNS records and your domain can be secured for use.
Setting up DKIM is simple and only takes 5-10 minutes if you have access to your DNS settings (outside of SharpSpring). SharpSpring has several different help resources available for you to get started. Below is a list of clickable help articles related to DKIM, including how-to instructions and videos on setting up DKIM for various popular providers:
Note: SharpSpring Support can assist with configuring CNAME and DKIM.
In certain cases, you may have to contact your administrator or IT specialist to get DKIM fully set up and configured.
Currently, nearly every major ISP has some method of email authentication. For more information on what kind of email authentication your ISP provides, contact your ISP.
DKIM, by itself, is not a surefire way to stop spoofing and completely authenticate an email, but it goes a long way in both ensuring your domain and brand are protected from unauthorized use. DKIM also serves to better your deliverability, as email providers can see you are taking steps to secure your email stream.
Locating SPF Records
You can check to see if you correctly set up CNAME records with MxToolBox. This website features a tool that can help. With it, insert the full key name from SharpSpring, and search as a CNAME Lookup. If successful, you should see the data from SharpSpring under the Canonical Name column in MxToolBox.
In fact, you can use this website to locate your SPF records. To locate your SPF records, do the following:
Click to enlarge.
Important: When entering your domain name, include the
Be aware that when you add your CNAME records for SharpSpring, you are adding both SPF and DKIM. No additional steps are necessary for email authentication.