Why do I need DKIM?

You need to set up DKIM on your domain name to lower the likelihood of your messages arriving in Spam, instead of in the Inbox of people you are trying to contact.

Having DKIM set on a domain is one of the main things email services look for when trying to decide if a message is spam or not. Without DKIM set up, it is much more likely that your messages will be marked as spam, even if the messages are not spam.

How to sign your domain with DKIM

We will give you the records you need to set up your domain with DKIM. If your nameservers are not hosted with Fastmail, you will need to make this change yourself at your domain host. Fastmail cannot do this for you.

When your domain is not correctly signed with DKIM, you may see a warning banner when you attempt to send mail from this domain, and you will see your domain listed as Needs attention on the Settings → Domains page. If you click Edit on your domain, and then on Get Instructions, we will give you a list of DNS records to use to sign your domain.

DKIM is set at your domain host. This will usually be the service that you bought your domain from. You will need to log in to this website to make this change.

Fastmail offers detailed instructions for popular DNS providers. You can find these pages below. Each page gives instructions for setting your MX records, which are records that let you receive mail that others send to you. Underneath the MX instructions, under the heading Signing your domain, we give you information about how to sign your domain with DKIM.

If you need more information or assistance in setting up DKIM for your domain, the best thing to do is to contact your domain provider directly. Since these records need to be set at their service, they will be best placed to answer any questions and provide more information.

Understanding DKIM

Email providers use a number of methods to tell which emails that are sent to an address should go into Spam, and which should make it through to a user’s inbox. Checking a domain’s DKIM record is one of those ways.

DKIM is an email authentication standard that lets you “sign” email from your domain, to prove that it is coming from a server that you trust. It's also used by the receivers of the email to confirm that the email was signed by that domain and hasn’t been changed. 

If you own a personal domain and use it with Fastmail, you need to be able to tell other email servers that you trust Fastmail’s servers to send out your email. This is one way that other services are able to tell that the sender is legitimate.

Why does my mail need to be “signed”?

In the old days of email, messages were not “signed”. However, this meant that spammers and attackers were able to fake their From: address, to make it look like the message was coming from somebody who actually did not send the email.

To try and deal with this behavior, standards like DKIM were introduced. With DKIM, the owner of the domain can tell every other email service to only accept messages sent from their own chosen email provider. Standards like DMARC explicitly link the domain of the email address in the From header to the DKIM signing domain.

Since every email service can tell which server sent an email, this makes it easy for providers to say that emails sent from servers that were not chosen by the owner of the domain are junk emails.

This means that if you have a domain, and you do not set DKIM, other major email providers including Gmail, Outlook, Yahoo, and many others, might think that the emails you send are spam, and put them in your recipient’s Spam folders.

Was this article helpful?
84 out of 114 found this helpful