DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify that an email message hasn’t been altered during transit and was genuinely sent from your domain. It helps protect your brand and improve email deliverability by preventing spoofing and phishing attempts.
This article will guide you through the steps to configure DKIM for your domain when using Campaign Monitor as your email service provider.
Campaign Monitor will generate a custom DKIM signature for your domain. Follow these steps to get started:
Log in to Campaign Monitor, click your profile image in the top-right corner, then select Account Settings.
Click on the Sending Domains tab.
Click Add Domain.
In the Domain field, enter your fully qualified domain name (e.g. mail.example.com).
Note: Authenticating a second-level domain like example.com will not automatically authenticate any subdomains.
You can only authenticate domains that you or your organization own. Campaign Monitor will block unregistered or generic domains (e.g. gmail.com, hotmail.com, aol.com) and show a warning if such domains are entered.
Campaign Monitor will now generate a TXT record for DKIM authentication. Make a note of this TXT record, as you’ll need it in the next step.
Once the key is generated, you will need to load the key into Sendmarc DKIM manager or Public DNS Zone (If not managed within Sendmarc) as a TXT record
This will resemble the below:
| Type | Value | TXT Value | TTL |
|---|---|---|---|
| TXT | [selector]._domainkey | Paste the key generated here | 1 hour (Default) |
1. Once the key is published, return to Campaign Monitor and click ‘Authenticate now’. DKIM Signing will now be enabled.
To update your DKIM record through Sendmarc, please refer to the Sendmarc DKIM Setup Documentation.
Campaign Monitor’s official DKIM configuration guide can be found here.
Find out how to configure your Campaign SPF settings here.