How to add a DKIM record to your domain

To reduce the risk of ending up in a spam folder when you send emails, it is important that you authenticate the service you send via to use your domain name.

This basically means that you need to tell other email servers that your email service provider is allowed to send emails from your domain.

The process here is somewhat complex and technical as it requires changing your DNS records; a process that can seem daunting and has fairly catastrophic consequences if done incorrectly. But if you follow the instructions given by your email service provider, you should be alright.

Example using MailChimp and Gandi

Do note, the actual steps of this process depends on what domain name hosting provider you're using and what email service provider you're authenticating.

For this example, I am trying to add a DKIM record for MailChimp, so they can send emails for the domain railscabin.dk, which is using Gandi for DNS.

MailChimp asks me to set up the following DNS record:

  1. Create a CNAME record for k1._domainkey.railscabin.dk with this value: dkim.mcsv.net

Don't worry if this looks like technical mumbo jumbo to you, the actual values aren't that important.

  1. Log in to my domain name provider, in this case Gandi.
  2. Find my domain name in the user interface.
  3. Go to the section where I can edit "DNS Records".
  4. Choose CNAME as the record type.
  5. In the Name field I enter the subdomain part of the record name. In this case that is k1._domainkey, which makes the whole record name look like k1._domainkey.railscabin.dk with the .railscabin.dk part being read-only.
  6. In the Hostname field I enter the "value" given to us by MailChimp: dkim.mcsv.net. For Gandi I then need to add a dot . at the end of the value for things to work, so the full value becomes dkim.mcsv.net..
  7. I can then click "Create" and the DNS record has been added.

Trigger authentication in MailChimp

With all the above done, it is time to let MailChimp know that it can start the authentication process. Return to the domain authentication UI in MailChimp and click the "Authenticate" button.

If you get a message saying something like

We tried to verify your DNS changes and did not detect the right values. Remember that DNS changes can take 24-48 hours to propagate through the internet.

you need to wait a while then retry.

This happens when MailChimp already tried looking up the DNS records for your domain before you added the new record; or because your DNS has yet to update with the new records. You probably don't have to wait for 48 hours, try again in a few hours or wait until tomorrow and give it a shot again.

In the meantime, you should add a SPF record as well.