DKIM (Domain Keys Identified Mail) is a complex email protocol that allows a sender's identity to be authenticated by the recipient to help combat email fraud. It's also a very important factor in your email deliverability. DKIM affords the greatest assurance that the sender is who they say they are and gives email providers a way to track and hold senders accountable for the messages they send. As a result of setting up DKIM, your email deliverability and inbox placement improves. If you haven't set it up yet, follow the steps below.
How does it work?
A public key is used to create a DNS record. That same key is also used to digitally sign the header of emails that are sent. When the recipient's provider receives the email, they check the sender's DNS records and the sender's authenticity is validated by the matching key. The message is then delivered with confidence that the sender is who they claim to be.
What's special about Keap's implementation of DKIM?
Normally, implementing DKIM requires a domain owner to create public and private RSA keys which are used in the authentication process. To simplify DKIM set-up, Keap eliminated this complexity by creating these keys on your behalf. You only need to create a CNAME record in your DNS that points back to the Keap servers and turn on the function in your Keap account. You can find step-by-step instructions in your Keap account.
Set up DKIM
- Navigate to Marketing > Settings
- Click Email Authentication
- Click Add a Domain
Note: This button is only available to admin users
- Select a domain to authenticate
Note: You can add additional email domains by adding that email domain to a User Record.
- Create a new CNAME record using the text below as the "Name" or "Host" (the actual name depends on your provider)
- Copy and paste the provided text into the DNS "value" or "points to" field (the actual name depends on your provider) within your new CNAME record
- Click the Verify button
Pro Tip! You can add additional email domains by adding that email address to a User Record under Admin > Users in the Email field. Note that it must be in the primary email field as shown in the image below.
- Fill out the remainder of the form. You will create a CNAME entry in your DNS records. If you need assistance with this step, we recommend that you contact your DNS provider because the steps may vary depending on your provider. For example, Cloudflare users must make sure their record is set to DNS only and not Proxied.
Below are help article links for common DNS providers. For most of the providers listed below, remove your domain name from the URL in step 2 and use that value for the Host. For example, if the URL is "d5e8e10f-67fd-4e29-87dd-58f7b3760b10._domainkey.yourdomain.com", use only "d5e8e10f-67fd-4e29-87dd-58f7b3760b10._domainkey" for the Host value. Important Note! Some DNS providers are not compatible with this method of DKIM.
- When you have completed the form, click the Verify button. Keap will attempt to validate the CNAME record you created in your DNS. The record must be live for your Keap account to validate it. If the record cannot be verified, wait until the Time-To-Live (TTL) settting of your DNS provider has passed and click the Retry Validation link.
- Once the domain has been verified, Keap will use DKIM when sending emails on your behalf.
DKIM Re-validation Steps
We deployed updates to how we assign DKIM to outgoing emails. If you set up DKIM prior to 1/17/17, you may need to follow these steps to ensure DKIM is signed properly for mail from your Keap application. The changes require you to update your CNAME record that you added to your domain and then to re-validate your domain. There are two steps to complete:
- Update Your CNAME record - These instructions require you to edit a CNAME entry in your DNS records. If you need assistance with this step, we recommend you contact your DNS provider because the steps may vary depending on your provider.
- Locate the CNAME entry in your DNS records where you previously entered infusionmail.com and replace it with dkim.infusionmail.com, then save the record.
- If you have multiple domains that were previously verified, you will need to do this for each CNAME record on each domain.
- Re-Validate Your DKIM record.
- Login to your Keap application, navigate to the Marketing module and click on Settings.
- On this page, look at the navigation bar on the left and click on Email Authentication.
- Now you should see your domain(s). Click on the hyperlink Retry Validation.
- This opens a Retry Domain Verification pop-up window. Click on the Verify Button to complete the update. If this fails to validate, please wait and try again (it can take hours, depending on your DNS provider). If you have multiple domains that were previously verified, you will need to repeat these steps for each Domain.
Example of Email Domain Creating a CName