
Let’s talk about DKIM and SPF


If you’ve started setting up your email, you may have come across the terms DKIM and SPF. But what on earth are DKIM and SPF, and why do you need them?

DKIM is an abbreviation of ‘DomainKeys Identified Mail’ and, simply put, it is a control to try to prevent spam.

Spammers often try to trick you into doing something (clicking a link, entering some details) by making it look like the email has come from somebody authentic. For example, you may get an email appearing to be from your bank asking you to enter your login details, thus providing those details to the spammer, who can then empty your account. Historically, spammers have found ways to ‘spoof’ an email address so that the ‘from’ address appears to be authentic. To the average reader it looks as if the bank has sent the email, because it appears to come from the domain name belonging to that bank. DKIM is designed to tackle this…

The basic premise is that the domain owner (that’s you!) creates some virtual keys (in the form of DNS entries) to confirm they are the owner of the domain, and then (invisibly) attaches a digital signature to each email sent. The receiver of the email can check the digital signature against the virtual keys to confirm that the email is genuinely from the owner of the domain. If it can’t match the signature, it is likely the email will end up in the spam folder or even be quarantined/deleted entirely depending on your/the receiver’s email server settings.

SPF stands for Sender Policy Framework and exists for the same reasons. SPF works in much the same way as DKIM, but this time it tells receiving email servers which servers are authorised to send emails on behalf of the domain owner. The receiving email server will check the SPF details published for the domain and validate that the email has come from an authorised server. If it hasn’t… straight to the spam folder or the bin.

Therefore, if you want your emails to be read, it is extremely important to set up DKIM and SPF!

Note also that you may be sending emails from different sources. For example, you may have an email client that you use (such as Outlook, Gmail or Zohomail) and you may have a website which sends email notifications. In this case you must set up DKIM and SPF entries for each and every source.

How…? Well, that depends on your domain host and the tools you are using, but refer to the Creating an Email Address article, which covers this for some of the recommended tools.