When you send emails, mailbox providers (such as Gmail, Outlook, AOL, and Yahoo) identify if emails are legitimate or are sent by a spammer or phisher. This includes emails sent from SpinOffice CRM. This is why setting up email authentication is important.

There are three established authentication standards used to verify a sender’s identity. SPF, DKIM, and DMARC. Since February 2024, Gmail and Yahoo require DKIM and DMARC authentication to achieve delivery. Other mailbox providers already expect senders to authenticate their email traffic through SPF.

Of these email authentication standards, only one comes with a super-secret, encrypted digital key and that is DKIM,

What is DKIM and how does it work?

DKIM (DomainKeys Identified Mail) is a signature any sender can apply to their email messages. This signature makes clear that the message’s sender is actually the message’s sender and not a bad actor. You can use any domain as the signature. For example, a company called “Red Bananas” will sign their messages with the “redbananas.com” domain to confirm that the message was sent by “Red Bananas”.

This is accomplished by inserting a hidden, cryptographic signature into your email header (SpinOffice will do this) and then placing a public key on your website’s DNS that verifies the authenticity of this signature.

Essentially, when you set up a DKIM, you’re telling internet service providers (ISPs) that you are sending mail from an authorized system and that it is not spam or spoofing. Like other email authentication methods, DKIM lets senders associate a specific domain with their email messages. Records published on the DNS vouch for an email’s authenticity.

However, DKIM has a unique way of doing this with an encrypted digital signature:

  • A public key published on the DNS txt record.
  • A private key included in the email header. That private key is the encrypted digital signature, which should be unique to the sender and match what’s published on the DNS.

When the two DKIM keys match, mailbox providers verify the identity of the sender and the message goes through to the inbox. If the key pair does not match, or if there is no DKIM signature detected by the email provider, it’s more likely that the email will be rejected or filtered into the spam folder.

Flowchart of how DKIM signatures work

DKIM itself does not filter emails. However, it helps the receiving mail servers decide how to best filter incoming messages. A successful DKIM verification often means a reduced spam score for a message. That’s why setting up DKIM authentication is so important for email deliverability.

DKIM will help prevent spoofing and phishing of your domain, and an added benefit is that it allows Mailbox Providers such as Gmail, Microsoft, Yahoo, and AOL to track the email reputation of your sending domain.

With SpinOffice, we already offer SPF authentication. But since today, we also offer DKIM. Therefore, we highly recommends all customers to set up both for their sending domains.

How to implement DKIM for SpinOffice?

To set up DKIM with SpinOffice, you need to add two CNAME records in the DNS settings of your domain. Follow the How to set up Email Domain Authentication (SPF and DKIM) instructions to perform this. DKIM is instantly applicable for SpinOffice.

The instruction how to set up SPF is also included in this support article.