您需要了解有关DKIM身份验证的知识

Have you everreallyexplored the depths of marketing emails you receive?

If you haven't, you're not alone. I hadn't either until yesterday. However, by exploring the details of email marketing messages, I've been able to find spoofed orphishingemails.

Take this marketing email I received, for example. If I look at the original message, I can search for a specific component that proves the message's legitimacy:

What I'm looking for is a DKIM authentication, which proves that an email hasn't been altered on its journey from the sender to an inbox.

When I learned about DKIM authentication, my life — and my inbox — changed forever. So in this post, we're going to talk about the glory of DKIM and why you need to apply it to your own marketing emails.

What is DKIM authentication?

当我们谈论DKIM时，我们正在谈论一种电子邮件身份验证的方法。它是确保您的电子邮件营销工作对订户提供安全和合法的工具。

DKIM使订户能够查看电子邮件发送者以确保其合法。从发件人的角度来看，一种简单的方法是在电子邮件的标题中提供经过验证的电子邮件签名，例如：

This signature, notated with "signed-by," tells the email receiver who sent the email. The hyperlink included from the sender takes the recipient to the official website of the sender — in this case, HubSpot.

让我们谈谈DKIM身份验证的工作方式。

How does DKIM work?

DKIM签名验证电子邮件发送者是合法的。他们使用的是data encryption(basically, a "lock-and-key" for private email details, such as a subscriber's email address).

该签名实质上证明了发件人是真实的，因为发件人的域名系统（DNS）记录已批准了电子邮件。

出站服务器（发件人）发送的每个电子邮件都将具有其自己的DKIM签名，并包含有关DNS中签名的信息。此信息应告诉入站服务器（收件人）DNS和DKIM签名来自同一源。

发生这种情况时，入站服务器可以验证电子邮件在发送时没有更改。

In Gmail, you can find DKIM authentication by clicking on the dropdown arrow next to the phrase "Sent to: me," shown below:

Clicking on that dropdown arrow will open up a box of a few details, including the sender, email date, mailing list, subject, and the encryption, which is where DKIM authentication fits:

This box tells the user the details of the outbound server that sent the email, in this case, bounce.hulumail.com. Underneath, it tells the user the DKIM signature from that server, which is hulumail.com. Then, it shows that Google has verified the security of the email, and that the email used standard encryption in its DKIM signature.

最终，当您使用DKIM签名时，您会提供更多的电子邮件可交付。It tells email servers and recipients that you aren't using email marketing for malicious purposes.

DKIM signatures aren't a physical "signature," rather, they tell email servers that the email from the sender hasn't been faked or modified. This happens from a server, and can be set up using automated email software tools, likeHubSpot's。

现在您知道了DKIM的工作原理以及为什么它对您的电子邮件营销消息至关重要，让我们谈谈如何正确设置它。

如何设置DKIM

Let's get started with setting up DKIM authentication for your marketing emails. For this process, you'll be creating the unique DKIM signature for your domain(s),connecting it to your domain host, (i.e. GoDaddy or a similar service), and authorizing the authentication process to take place when emails are being sent.

1. Generate or connect a domain key.

Identify the domain or domains you'll be using to send email marketing messages. If you use multiple domains, you'll want to make sure you're authorizing all of them for DKIM. Each domain will need its own unique domain key.

如果您需要创建一个域密钥，则可以在Google中这样做 - 您只需要确保您的Gmail帐户super administrator使用权。然后，从G Suite应用程序页面访问Gmail，然后单击“身份验证电子邮件”，Google将自动选择您的主要域（不用担心，如果您想选择另一个域，可以更改此域）。

之后,点击“生成新纪录”can select whether you want to generate a key by DKIM bit length or by prefix selector. To put it another way, you can select whether you want your DKIM key to have more strength based on the host you use, (2048 is one of them), or if you want to change when you've made the domain key. The latter is generally used if you already use another domain key through Google.

然后，单击“生成”，您将收到域键，该键告诉服务器您的消息是安全的。如果您使用像HubSp雷竞技苹果下载官方版ot这样的软件，则可以跳过此步骤，因为该软件通常为您生成域键。

2.确保您具有DKIM功能。

If you use email marketing software, make sure it has DKIM capabilities. Outgoing marketing emails need to have a DKIM signature. You can download separate DKIM software (here is a list of developers），或验证您的软件提供这些服务。雷竞技苹果下载官方版

3. Connect your email sending domain.

在这个步骤中,您要确保《婚姻保护法》in key is correctly connected to your email. If you used Google to generate your key, you can complete this step by updating your DNS TXT record with your generated key. Make sure you're switched out of the Admin console and on the domain host when you do so.

对于HubSpot客户，请转到设置>域和URL>连接域>电子邮件发送>连接。这会提示您输入使用的电子邮件地址，并验证正确的发送域。

4. Add your domain to DNS records.

By now, you've created your domain key, also known as your DKIM signature. You've also either connected your domain to emails in your email marketing software or begun the setup process in Google. Now, we're going to begin to connect the two.

For this step, you'll also need your domain key so you can connect it to your DNS records. Remember, DNS records verify that marketing emails with your DKIM key come straight from your domain emails.

注意：如果您使用的是Google并具有多个域，则必须完成每个域的此步骤，因为每个域都有其独特的DKIM密钥。

登录您用于域主机的管理控制台，并找到DNS记录。请记住，这是由您的Google管理控制台完成的。

Then, add a TXT record. To do this, enter the TXT record name into this first field. You'll find this displayed in the Admin console, and it'll be under the DNS Host name. For the field below, you'll enter the string text displayed in the Admin console, which will be located under "TXT" record value.

For HubSpot and GoDaddy customers, you can either click "Authorize with GoDaddy" to allow HubSpot to set up hosting for you, or click "No, I'll set it up manually." Then, you'll be able to access your DNS provider, DNS settings, and copy-and-paste values for Host Name.

5.在Google中，打开DKIM签名。

If you're setting up DKIM through Google, this is the last step you'll need to do before completion. At this point, you've generated your domain key and added it to your domain record. So now, you're ready to turn on DKIM signing.

This step greenlights your authentication, but note that this may take up to 48 hours to be placed into effect.

First, you'll want to access your Admin console homepage and access Gmail. Then, click "Authenticate email," and select the proper domain. You'll see the status of email signing, and you'll also be able to click "Start authentication" to begin the process.

After that, you'll be ready to test your email signature.

6. Test your DKIM authentication.

This step is very important because every DKIM key is unique, and you'll want to make sure they're each sending correctly. To test your email in your email marketing software, send the email from that software to an account you have access to, such as your personal email address, and open the details of that message so you can see the original message details.

To test your email in Google, you can access the same page in Admin host from the last step, and send an email to a Gmail or G Suite account holder — I usually email myself for tests.

您可以在收件人的收件箱中打开消息，然后单击更多>显示原始消息以打开整个消息标头，如下：

From here, you'll be able to access the original message and see the DKIM signature. The header will tell if the DKIM signature is authentic, and you can scroll down to the code to locate the signature details.

对于此电子邮件，DKIM签名已打开。我可以从红色突出显示的代码的特定部分中识别出来。这告诉我的是，DKIM签名是从Glossier域发送的，并由其DKIM软件签名：雷竞技苹果下载官方版

If your DKIM signing is turned on, you should see code that's similar to this example:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

The "s=" you'll see in the line below the above code confirms that the email was signed by a DKIM key.

If you can locate the DKIM signature, you can be sure that your DKIM authentication is complete!

Now that you're an expert on DKIM authentication, go ahead and create your own key and ensure the safety of the delivery of your emails.

现在，您可以确保您的订户按预期收到他们的消息。