The DKIM signature (Domain Keys Identified Mail) is an Internet standard that is almost universally supported by major email providers and anti-spam systems.

The DKIM encryption authentication method validates that the email is authorized by the the domain owner of the sending domain by adding a digital signature to the email

This signature is based on an asymmetric cryptography:

  • The signee (in this case, Dialog Insight) has the private part of the key, which is used to sign emails.
  • The public part of the key is indicated in the DNS of the domain for which the emails are signed.

When receiving an email, the mail server that finds a signature will look in the DNS servers to retrieve the public key and use it to validate the signature.

When the signature is validated, it indicates 2 things:

  1. That the email has been signed by a server (Dialog Insight) that has the private key. It is therefore authorized to be signed by the server owner (your company) since the existence of the public key in your DNS indicates that you have accepted that we sign on your behalf;
  2. That the email was not changed while in transit. If it had been changed, the signature would no longer be valid.

The DKIM signature works as follows:

  • A public key of several alphanumeric characters is inserted in the configurations of your domain.
  • Dialog Insight has the private key. The domain that receives the email comes from our servers, but since we have the private key, the email that comes from Dialog Insight is authenticated.

A DKIM public key looks like this:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCA"
"QEAz4XrZ/2W5t98RXqmss6SGdIezyrnUveUx0dY5ooktaYPIsxnj3cnoCh8"
"luPmHw/O1m8P/TEkQhGL8uqbegYiEO68ZeZIhhRhPk2rWGl4Ade9ROilrNK"
"GF+8EQ/pJsVPxAeLUSha3v+tgmgWuTkebVEACGQlCKWpuamcXvR/y2TTxSt"
"gOYi1QN0+VP89FcV7fn6zreI7TWiQ6kXLjCXW91RAml9ZlpL9ibTnvI1vOt"
"zWl0MhVg6E6JXjU8dfQL0jy9i0R75Glf9PgeD9fm6bGz1EY5H+T+3YjeFPm"
"eY/Zr2h3IBKzZ5TtE0n+FyypeiLH8zKtxHPkYuV3dnSdYqh6IwIDAQAB"

How to

Please note that the steps below should be performed by an IT team.

Here are the steps to set up DKIM signatures for your domains:

  1. List all domains that will be used as the sender address in your emails (for example: “yourcompany.com”.
  2. Go to Account Management, in the Organization section under Domain Management/Validated Domains to add your domain and validate it. You will then need to create the DNS entries on your server that were provided at validation.

3. Once the domain is validated, add it to the list under Sender Domains. Click on the “DKIM signature” button and make the requested entries. You will then be able to validate them on the interface. 

Once you have completed the above steps you will then get a system validation if the DNS entries are correctly configured. From that moment on, you will be able to use this sender domain to send your emails.

For more information on DKIM: http://www.dkim.org/