Custom DKIM Signing Feature

The easiest way to brand and whitelabel your email messages with your own DKIM signature is with the “Custom” signing option.

The “Custom” option requires only the establishment of a single CNAME record in the DNS of your domain. The SocketLabs On-Demand Control Panel will perform a verification of your CNAME record before allowing for this feature to be enabled.

Creating a CNAME record is relatively simple process that is handled by the provider that manages your domain’s DNS settings. This could be your website hosting provider, your domain registrar, or a third party service like Amazon’s Route 53.

The benefits of using this method of DKIM whitelabeling is that it allows SocketLabs to remain in control of both the private and public DKIM keys. This allows you to get the benefit of custom DKIM signatures without the hassle of managing and rotating custom DKIM keys yourself. For email experts looking for more refined control on the DKIM signatures of their messages, please see our Advanced DKIM Signing Feature

SocketLabs does not provide technical support for managing your DNS settings, please contact your DNS provider for more information about establishing a CNAME record. SocketLabs is aware that some providers do not support the underscore character “_” in CNAME entries. If your DNS provider does not support this you will be required to use the Advanced DKIM integration option referenced above.

The CNAME entry that should be created is as follows: CNAME IN

So if your domain were you would create the following record: CNAME IN

Depending on the TTL settings of your DNS records it could take 24 to 48 hours before SocketLabs will be able to verify your CNAME entries. If we are unable to verify your DNS entry then it is likely that mailbox providers will also be unable to verify your entry. DKIM signatures without the matching DNS entries could hurt inbox placement rates so patience is required.

Custom DKIM signatures will only be applied to messages that have a Purported Responsible Address (PRA) at the domain in which a custom signing option has been established. In most cases the PRA is the From Address, or the Sender Address.

Related Information

For more information about DKIM authentication technology please see our other article: DomainKeys Identified Mail (DKIM) Authentication

For more information about SPF authentication please see our related article: Sender Policy Framework (SPF)

Further questions about DKIM signing and email authentication should be emailed to Support.