DKIM Overview

DKIM is a method for verifying that an email is indeed being sent from the domain it claims to be from. To accomplish this verification a public/private pair of encryption keys is used. The most notable use of public/private key pairs in email is with S/MIME or PGP for encrypting an email itself. Outside of email anyone who browses the web has benefited from public/private key pairs, as they are used to establish the SSL-encrypted connection of any reputable website for things like entering payment information securely.

With DKIM, a special signature string is created from the private key, the message body, and some of the headers from within the email you are sending. The recipient's server then uses the public key to verify the signature was created using the matching private key. Since the private key is on your server, and has not been shared with anyone, only email sent from your server with the correct private key will pass this test.

Based on options of your choosing, messages can then be completely denied as invalid or let through (possibly to a separate folder) for review before deciding it is unwanted email.

For DKIM to work properly your email servers need to be setup for signing outbound email and verifying inbound email, which is precisely what we have done here at LuxSci.

Outbound
Outbound DKIM uses the private key for your domain to create the signature for each email you send. The signature itself is then placed within the headers of the email.
Inbound
For inbound email we first verify whether or not the senders domain is setup to use DKIM and if so we then verify the existence and validity of a signature. For domains using DKIM our basic spam filters are setup to automatically use the signature results in determining if a message should be considered spam. Finally we also provide a field in our custom email filters so they can be used for additional control of your email flow based on the success/failure of the DKIM signature of a message.

Your provider's support/implementation of DKIM may differ from ours, but you can still use this DKIM generator to create the needed keys and generate the appropriate text needed for updating your DNS text records to use DKIM for your domain's email. The private key would have to be added to your server by your email provider

LuxSci Customers: Use the DKIM Tool provided in your LuxSci customer portal for setting up DKIM, as this tool will also enable the proper DKIM keys for use in your account's email sending.

DKIM Wizard

You will need to enter a selector and your domain below. A selector can be just about anything you want it to be. If you are not aware of how you can fully utilize selectors you can just use "dkim" as your selector.

Selector
Domain
Encryption
Should all messages be signed?

No or Unknown: Messages sent from addresses in your domain may or may not be signed with DKIM; some legitimate messages may originate from servers that do not support DKIM for your domain. If you are unsure, choose this option.

Yes! All messages sent from addresses in your domain will be signed with DKIM; messages will never be sent from servers that do not support DKIM for your domain. Messages without valid signatures may be spam/fraud.

Yes! And, if a message arrives without a valid signature, it should absolutely be considered spam/fraud and deleted.


Please type the text seen in the image, below, into the "Security Code" box.

The security code is the text that you see in the image, above. Use of this code helps us prevent abuse of this form by automated programs.


Learn More

LuxSci is the ultimate in email, not only in terms of products but also in service. From a business perspective LuxSci provides unparalleled account administration and control over spam and viruses. You won't even know all the things that are possible with email until you check out LuxSci's multitude of special email services and products. They can also integrate web hosting with your email account."

William Hopwood . Florida Atlantic University