What is DKIM? Carly Brantz April 2, 2013 Best Practices // SUMMARIES ?> Are you signing your mail? No, we don’t mean are you adding a closing signature, we’re talking about authenticating your email streams. Email authentication helps ISPs identify which domains are legitimate and safe for delivery. One of the most common ways to “sign your mail” is with DKIM. DKIM (DomainKeys Identified Mail) is an email authentication method developed by Yahoo! that checks an encrypted “key” embedded in each email sent against a list of public records to positively confirm the identity of the sender. In short, it helps ISPs identify the good mail and aids in preventing malicious email from getting through. It pretty much works the same way IP reputation does, except it works with your domain name. This is actually better for brands because if you switch email service providers, you can take your domain reputation with you. The Reason Behind It Spammers and phishers often mask their malicious email by purporting to be from a trusted brand. According to a report released by the Anti-phishing Working Group in February, hundreds of phishing websites pop up on a daily basis sending hundreds of thousands of emails to innocent consumers. In fact, in Q3 2012, 426 brands were hijacked in July alone. If you don’t think that’s a lot, consider the impact. A recent Facebook phishing scam tricked users by telling them that they were in violation of their Terms of Service. It urged them to log in to a fake Facebook page and when they did, the phishers stole their personal information and passwords once they logged in. But, social networks are not the only victims. Financial institutions, payment services, retail outlets, gaming sites, auctions, and more are affected daily. And when it happens, customers lose trust in the brand and the email channel, which ultimately results in customers NOT clicking on your emails. Help the ISPs Help You To ensure that customers continue to respond to your messages, you must help ISPs safeguard your brand. By signing all of your domains with DKIM using the d=, you are telling the ISPs to block any domain that is not on the “hit list.” So, be sure to sign all the domains from which you send your promotional and transactional email. (This includes your subdomains, so make sure you take a complete inventory.) Remember, DKIM answers two key questions—does the email have a valid signature and which domain signed it. It won’t ensure email deliverability, but it will certainly help improve it. Additionally, it will help prevent all of the ancillary fallout that happens when brands are hacked. Taking the time to put preventative measures in place can help protect your reputation and your brand. To learn more about email authentication and strategies for ensuring email deliverability, download our free SendGrid Email Infrastructure Guide.