Anti-Forgery for Emails: DKIM Records

DKIM – A Welcome Requirement

If you have a domain and have email services on that domain, whether for professional or personal use, then you should have Domain Keys Identified Mail (DKIM) records. DKIM is a type of TXT record used for email configuration and domain validation. It is also used to legitimize sent emails and ensures that an email has not been altered in transit.

Most importantly, TXT records used for authentication are required to send emails to Gmail or other big providers. In fact, starting February 2024, Google will make email authentication mandatory in order to send messages to Gmail accounts.

According to Google’s Help Center, setting up a DKIM can “help protect your domain against spoofing, and help prevent your outgoing messages from being marked as spam.” Some people might assume that DKIM is only useful for sending bulk emails, but that is not the case, and not exclusive for these types of functions.

Much like an SSL Certificate, adding DKIM and SPF records is rapidly becoming a necessary step in email configuration. Additionally, most people simply won’t see your content if you don’t have them. In other words, the more easily identifiable your domain legitimacy, the less likely your domain emails will be rejected or questioned.

Better Together: SPF and DKIM

Take a look below and see why our Customer Support team strongly advises users to use both for optimal security and protection.

Sender Policy Framework (SPF)

Some No-IP customers might already be familiar with our Sender Policy Framework (SPF) feature to authenticate and add security to their email domains, and it is currently our most popular. SPF involves a simple text record and can be taken at face value. SPF allows domain owners to specify which mail servers are authorized to send emails. So, if scammers were trying to send emails pretending to be from your organization, receiving servers would be able to check and verify that they were not coming from the correct designated mail servers and, in turn, flag the emails.

For example, per one of our Knowledge Base articles on record types: “…if you’re using one of No-IP’s mail services for sending you can add this SPF record:

v=spf1 include:no-ip.com -all

That record lists our mail server on the domain so that other servers know that the email is legitimate.”

To create an SPF record in your Enhanced, Plus, or Pro No-IP account, update your TXT record via the following breadcrumb trail:

My Services > DNS Records > Modify (on the root domain or Enhanced hostname) > TXT.

If your email is not managed by No-IP or if you use a different email provider, you can use the SPF Wizard to build an entry. If your email provider has supplied you with a valid SPF record, you can add that record under:

My Services > DNS Records > Modify (on the root domain or Enhanced hostname) > TXT.

Domain Keys Identified Mail (DKIM)

On the other hand, DKIM works similarly but differently; You are basically signing your emails with a unique and secure digital signature associated with a domain. The DKIM signature is a field in the email’s header, and the receiving server recovers the public key using DNS and verifies the signature matches the message’s content.

Furthermore, the receiving servers would be able to verify that the original message was not altered after you sent it.

Think of DKIM as an elevated version of SPF. The No-IP team has observed that emails with DKIM records have experienced less bounce back compared to ones with SPF records. Although you don’t need to have both record types, they work best together to cover all aspects.

Thankfully, adding a DKIM record to a mailbox/domain is not difficult to do. Check out our Knowledge Base article on how to create a DKIM record and add it to a POP3/IMAP mailbox. Want to learn more? Take a look at our articles in the Knowledge Base for more information.

No-IP to the Rescue

We are excited about the full release of our DKIM record capabilities, which will go completely live next month in time for the Google requirement. It is currently available to our IMAP and POP3 email users.

Our DKIM feature is actually the brain-child of one of our Customer Success Reps, Geraldo. Some of our users might have worked with Geraldo via email with various technical help. Geraldo found and read up on Google and Yahoo’s plan to require SPF and DKIM records to ensure email validity. Understanding the value and importance of the security measure (He’s been dubbed the security master at No-IP!), Geraldo took it upon himself to start writing the code that would ultimately lead to our DKIM capabilities. Way to go, Geraldo!

Still have questions? Please reach out to our stellar US-based Customer Support team to discuss the parameters of our new feature further.