Gmail And DKIM Records
First off: Sorry for this post being technical, and let's be honest, really boring. But bear with me. As boring as it is, this is vital for any business that sends out emails. Which is you, right?
As mentioned in the intro, Gmail is by far the most popular email service. At the end of 2022, they had 1.8 billion active users. That's a lot. So the chances are at some point, you are going to be sending an email to firstname.lastname@example.org. And I'm assuming you'd like that email to arrive in the recipient's inbox. If so, you MUST read this. No matter how bored you get, stick with it to the end.
One of the many things that go on behind the scenes when you send an email is the use of a thing called "DKIM" records. Or Domain Keys Identified Mail. What these do is confirm to the recipient's email service (like Gmail) that the email they are receiving is indeed from the email address it claims to be.
(Spoofing the "from" email address is super easy, and scammers often employ it to fool you into thinking an email is from someone you know or a trusted source when it's not.)
If your email address has a DLIK record, a digital signature is attached to the email so the recipient's service (Gmail etc.) knows it's genuine. They will then send it to the recipient's inbox. If there is no DKIM record, the email will get "blackholed", which means deleted with no warnings sent to anyone or bounced back to the sender. Often, these bounced emails get sent to spam, so the sender never knows their email isn't received.
Still with me here?
This is the way email services are meant to do it, but few bother. At least few bothered. Typically, the service would look for the DKIM record, and whether it found one or not, it still sent the email to the inbox. But that's changing now.
Gmail is leading the way here, but they are starting to more and more blackhole or bounce emails from addresses with no DKIM record. The word is other major email services are doing the same.
So, it's really really important you have the correct DKIM record setup for all your email addresses.
How Do You Know If A Record Is Set Up?
- Go to this mail-tester website, and you'll see a randomly generated email address.
- Copy that email address and send a test email to that email address. Make sure you send the test email from the email you wish to check the DKIM validation.
- Once the email is sent, navigate to the mail tester site and click the Check your score button, and then you will be redirected to the page which will show you deliverability insights about your email.
- You can expand the email authentication, and you will be shown whether your email has a valid DKIM or not, as shown below.
If you have a DKIM record setup... Boom! You're sorted. if not, get in touch with your email service manager and get them to sort it out, pronto.
Note: Previously, if you had a thing called an "SPF" setup on your email account, you were kinda OK not bothering with DKIM, but that is changing. To be 100% safe, get a DKIM record setup. it's dead easy to do. If your email manager can't do it, find a new one!