Contact Us

How to DKIM Sign Emails

By signing your emails with DKIM you enable the recipient's mail server to verify that the email was sent by an authorized sender of your domain.  With DKIM you can improve your chances of getting email delivered to the inbox instead of spam.  By using DKIM (and SPF) with a DMARC policy you can also prevent un-authorized senders from sending email from your domain.

AutoMSW Professional supports sending DKIM signed emails.

DKIM signing is accomplished by cryptographically signing the email with a private key you create for your domain.  The receiver uses your public key to verify the signature.  You publish this public key associated with your private key as a DNS record for your domain.

Follow these 3 steps to setup and sign your emails with DKIM:

Step 1: Create your public/private key pair

You can use a program called OpenSSL to create a public and private key pair.  You can download OpenSSL for Windows here.  Installing their "Light" package is sufficient.  Once you've installed OpenSSL, from a command prompt in Windows type in these 2 commands:

openssl genrsa -out dkim.key 1024
openssl rsa -in dkim.key -out -pubout -outform PEM

You will get 2 files, a private key (dkim.key) and a public key (  The following picture demonstrates this step.

openssl key pair creation

Keep your private key confidential.  You will use it for signing your emails, and it should never be shared publicly.

Step 2: Publish your public key as a TXT type DNS record

We need to make available the public key to anyone who wishes to verify the DKIM signature in emails received from you.  To do this, we publish a DNS record for your domain that you will be sending from.  For example, if you are sending emails from you need to add a DNS record for the domain, like this:

Name: dkim._domainkey
Type: TXT
Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChp/MU9ED08Q9KUedyYwHqJDTM5geEib78l92CH2lSyU0MyLz5iWn65V/FvSNLuCK32mEZJax/iu6OBUjzTOMcH0hlHLrK3GPLF61AKXGaO3u1gneA5guqDgCT494mzORorvSjsn8levk9Bc6/eeRmCWbeoHd7BKeDZByKevAn8QIDAQAB

The "Name" of this DNS record has the format: <selector>._domainkey.  Selectors allow you to create multiple key pairs for different uses.  In our example, we've used the word dkim as our selector.  Whatever you specify as the selector in your DNS record should also be used in AutoMSW when sending.

The "Value" of this DNS record is where you place your public key.  Open up your public key file ( in a text editor, like Notepad.  Everything between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- is your public key.  Convert this text to one long line by deleting all the carriage returns, and then place this after "p=" in the above example.

Step 3: Enable DKIM in AutoMSW

In the "From" section of the main window in AutoMSW, press the Change... button and then Advanced... to specify your DKIM settings:

Enable DKIM in AutoMSW

Make sure to enter the same value for Selector that you used in front of ._domainkey in the DNS record name.  Browse to the private key file you created in step 1.

That's it, you're done.  Any emails you send now will include a DKIM signature, verifying the emails were sent from an authorized sender of your domain, and not someone pretending to be you.

It is a good idea to send yourself a test email, and verify the signing is working properly.  If you use Gmail, verify the received email says "Signed-by" when showing details.  In other email readers you can view the message source, and verify the dkim result was a pass in the email headers.

See Also
Static IP Address
Forward and Reverse DNS Entries
SPF Record
IP Address Reputation
General Bulk Email Sending Tips
Direct Send Specific Sending Tips | Contact Us