DKIM (DomainKeys Identified Mail) is one of the three core email authentication protocols — alongside SPF and DMARC. This video breaks down what DKIM actually does when you hit send, why mailbox providers check it, and how to think about selectors, keys, and alignment without getting lost in DNS syntax.
If you are troubleshooting deliverability or preparing for stricter sender requirements from Gmail, Yahoo, or Microsoft, DKIM is not optional. It is the cryptographic proof that your message was not altered in transit and that it was authorized by your domain.
When your ESP sends on your behalf, it signs each message with a private key. The receiving server looks up your public key in DNS (via a DKIM selector record) and verifies the signature. A passing DKIM check tells the receiver the message content is intact and tied to your domain.
DKIM does not, by itself, tell receivers what to do with failing mail — that is where DMARC policy comes in. But without DKIM, you are missing a major trust signal and often fail alignment requirements outright.
DKIM records live at selectors — subdomains like selector._domainkey.yourdomain.com. Different sending tools use different selectors. Your ESP documentation should list the selector and the TXT value to publish.
When you rotate platforms or add a new sending subdomain, you typically add a new selector rather than overwriting the old one until cutover is complete. Multiple valid selectors can coexist during migrations.
For DMARC to pass in relaxed mode, the organizational domain in the From address must align with the domain that signed DKIM (or passed SPF). Misaligned From domains — common with some ESP default settings — weaken authentication even when DKIM technically passes on the return-path or signing domain.
Authentication failures and alignment gaps show up in DMARC aggregate reports long before revenue drops. Fixing DKIM is foundational work that belongs at the bottom of the retention pyramid — before you optimize creative or cadence.
Learn more: DKIM records guide (article), and Deliverability Recovery program.
Prefer YouTube? Watch on YouTube