How to Create DomainKeys Identified Mail (DKIM) Keys

DomainKeys Identified Mail

DomainKeys Identified Mail, or DKIM, is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. It is a form of email authentication that allows an organization to claim responsibility for a message in a way that can be validated by the recipient. Specifically, it uses an approach called “public key cryptography” to verify that an email message was sent from an authorized mail server, in order to detect forgery and to prevent delivery of harmful email like spam. It supplements SMTP, the basic protocol used to send email, because SMTP does not itself include any authentication mechanisms.

How does it work?

It works by adding a digital signature to the headers of an email message. That signature is validated against a public cryptographic key in the organization’s Domain Name System (DNS) records.

In general terms, the process works like this: A domain owner publishes a cryptographic public key as a specially formatted TXT record in the domain’s overall DNS records. When a mail message is sent to the outbound mail server, the server generates and attaches a unique DKIM signature header to the message.

This header includes two cryptographic hashes, one of specified headers, and one of the message body (or part of it). The header contains information about how the signature was generated.

When an inbound mail server receives an incoming email, it looks up the sender’s public DKIM key in DNS. The inbound server uses this key to decrypt the signature and compare it against a freshly computed version. If the two values match, the message can be proved to be authentic and unaltered in transit.
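The body-hash half of that check can be reproduced offline. The following is an added example, not code from the original page or from Salesforce: it parses a DKIM-Signature value, derives the DNS name a receiver queries for the public key, and recomputes the body hash (`bh=`) using the body canonicalization rules of RFC 6376. The selector `sf1`, the domain `example.com` and the message body are constructed for illustration, and the signature over the headers (`b=`) is not verified here.

```python
import base64
import hashlib
import re

def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # folding whitespace is not significant
    return tags

def canonicalize_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization per RFC 6376: 'simple' or 'relaxed'."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of spaces/tabs, then drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored in both modes
    out = b"".join(ln + b"\r\n" for ln in lines)
    # An empty body hashes as one CRLF under 'simple', as nothing under 'relaxed'.
    return out if out or mode == "relaxed" else b"\r\n"

def body_hash(body: bytes, tags: dict) -> str:
    """Recompute the bh= value the way a receiving server would."""
    algo = "sha1" if tags.get("a", "").endswith("sha1") else "sha256"
    mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    data = canonicalize_body(body, mode)
    if "l" in tags:  # l= limits the hash to the first l bytes of the body
        data = data[: int(tags["l"])]
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def check_message(sig_value: str, body: bytes) -> dict:
    tags = parse_tags(sig_value)
    return {
        "key_record": f"{tags['s']}._domainkey.{tags['d']}",  # TXT name queried for the public key
        "body_hash_ok": body_hash(body, tags) == tags["bh"],
        "partial_body": "l" in tags,  # anything after l= bytes is unsigned
    }

# Constructed sample: selector "sf1", domain and body are made up for illustration.
BODY = b"Hello  team,\t\r\nInvoice attached. \r\n\r\n\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sf1;\r\n"
       " h=from:to:subject; bh=%s; b=<signature omitted>"
       % body_hash(BODY, {"a": "rsa-sha256", "c": "relaxed/relaxed"}))

if __name__ == "__main__":
    print(check_message(SIG, BODY))
```

Under relaxed canonicalization a relay that trims trailing whitespace does not break the hash, while any change to the text does; a signature carrying `l=` is worth flagging because bytes beyond that length are not covered.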

Do I need DKIM?

If you are a business sending commercial or transactional email, you definitely need to implement one or more forms of email authentication to verify that an email is actually from you or your business. Properly configuring email authentication standards is one of the most important steps you can take to improve your deliverability. However, by itself it only goes so far; SparkPost and other email experts recommend also implementing SPF and DMARC to define a more complete email authentication policy.

Steps to create DKIM keys:

Step 1: Navigate to Setup > Email > DKIM Keys.

Step 2: Create a new key.

Step 3: Enter a selector, which must be a unique name, and an alternate selector, which is used to identify the DKIM key and allows Salesforce to auto-rotate your keys. Enter the domain name you are using.

Step 4: Save the DKIM key you entered. It will show as publishing in progress.

Step 5: Click Save. Salesforce publishes your TXT records to DNS. CNAME and alternate CNAME records appear on the DKIM Key Details page when the DNS publication is complete. It can take time for DNS publication to finish. Publish the CNAME and alternate CNAME records to your domain’s DNS.

Step 6: Select Activate on the DKIM Key Details page to activate the key.
