Comprehensive Mailgun DKIM Service Review

Dariia Leshchenko
Dec 10, 2021
Reading duration

Email marketing is growing in popularity, and for a good reason: It has proven to be effective and profitable. However, you can only count on an improved income range if you use a verified account. When you start sending emails, you need to make sure that every email service provider and email recipient is positive about the sender’s reputation. Mailgun DKIM is one of the safest ways to do this successfully. What does DKIM stand for? How do DKIM records work? There’s only one way to learn — read on!

Mailgun DKIM — general overview

DKIM stands for DomainKeys Identified Mail. If this abbreviation detail seems irrelevant, all will become clear in a minute. DKIM is a modern method of email authentication. The main aim of the DKIM record is to provide data that ensures the sender’s authenticity. Thus, DKIM is a useful tool to reduce or eliminate spam attacks.

In case you’re unfamiliar, all emails have domains. Countless spammers are interested in using a verified account to send out malicious content, carry out phishing attacks, and perform other illegal operations.

Both SPF and DKIM records are designed to keep spammers at bay. The fact is that an email that doesn’t pass the DKIM and SPF verifications is automatically labeled as spam. This means that if you send emails without a DKIM record intact, the chances that they will reach the recipients’ primary inboxes are slim. That is where Mailgun DKIM service comes in.

How does Mailgun DKIM record work?

It’s worth mentioning that DKIM doesn’t exist as a single item. Folderly experts can point out two main components of a DKIM: a DKIM record and a DKIM header. The records are stored in the DNS domain records, while the header is usually attached to all the domain messages.

DKIM is assigned with cryptographic keys. These keys are used by both the sender and the receiver, yet they are not interchangeable. Each party uses its key to verify their identity and trustworthiness. Usually, the email provider generates both: public domain keys and private keys. Those who own domains get the public keys and store them in DNS records, which are available to all.

Mailgun DKIM header

Regardless of the message you are sending, one of the mandatory details to add is the DKIM header. The header contains the private key, which is commonly known as a digital signature. When an email server checks the DNS records, it will use the public key to verify the digital signature. While it sounds like a lengthy process, Mailgun carries it out within seconds. Even so, the importance of the procedure shouldn’t be minimized. The verified keys and records ensure that the email hasn’t been tampered with in the transition process.

While the DNS section is rarely altered, the DKIM signature varies from email account to email account. It’s important to note that the differences depend upon the sender, intent, and recipient, but there are a few things that remain unchanged. These are the basic components of a DKIM signature:

  • “d=” — Refers to the domain account, which signs the message. Since we’re talking about the Mailgun account, this is the example to memorize:


  • “b=” — Represents the special digital signature.
  • “bh” — Creates a digital tag that the recipient can verify.

Mailgun DKIM record

DKIM records are packed with public keys represented as a string of characters that are picked at random. These keys are programmed to verify any message that contains a private key. Usually, an email server asks for the DNS records of the domain to access the DKIM record and the public key.

DKIM records are a representation of DNS TXT records. The TXT record is used to keep any text that the domain admin is known to associate with the home domain. However, when compared to other DNS TXT records, DKIMs have a particular name, which isn’t just the domain name. This is the format that DKIM records’ names follow:


To run a DKIM record check, various email servers exploit the DKIM selector. The DKIM selector is typically offered by such providers as Gmail. It comes together with the domain name.

Mailgun DKIM and DMARC relation

In addition to SPF value and DKIM importance, there is another email authentication method called DMARC. The fact is that some emails fail either SPF or DKIM, and it is the primary goal of DMARC to define how the email should be dealt with. Just like DKIM, DMARC is stored as a DNS TXT record.

Why do you need a Mailgun DKIM?

Before you proceed with the Mailgun DKIM setup, you need to be absolutely sure that you need it. These are the main benefits that DKIM can offer:

  • Reputation
  • Integrity
  • Security

Once you create a corporate address and start sending your marketing emails, the scammers will get interested in you. To ensure that the reputation of your enterprise remains unspoiled and that your clientele isn’t fooled by phishers, you should use DKIM. Once your messages are verified, there’ll be no room for scammers. Besides, your emails will be recognized by users as safe so that you can focus on growing your customer base.

How to set up Mailgun DKIM

With all of this in mind, you may be curious as to how you can set the record up. First things first: Be aware that the service requests a verified DKIM key through a DNS check. Without it, the domain won’t be allowed to send emails from the platform. This is done to ensure the ultimate security of the shared content.

Domain verification

  1. Start by adding your domain and verifying it with the provided DNS record at the used DNS provider. Enter the Mailgun control panel and find the Domains section. Fill the section out with the domain or subdomain you use.
  2. Go to the domain verification DNS section in the domain settings and find the DKIM TXT DNS record. Add the given record to the DNS provider field.
  3. You can use the CNAME record to use Mailgun and monitor the click and open rates.
  4. Add MX records. If you use the MX records for another service provider, then skip the step.

Once you are done with the DNS settings, you can leave the Mailgun control panel and wait until DNS changes are validated. This domain settings verification typically takes up to 48 hours.

Final words

No matter what your domain registrar is — GoDaddy, HostGator, or Namecheap — you can’t send your emails out safely without a secure DKIM in place. The sender's authenticity matters greatly, and Mailgun offers a chance to secure and sign every email with a verified signature so that both Google and targeted recipients view it as reliable content. To track your progress with email deliverability rates, you can also use Folderly for Mailgun. This powerful pair will ensure rapid reputation growth, enhanced security, and constant revenue increase! All you have to do is contact our experts today!

Dariia Leshchenko
Dariia Leshchenko
Customer Success Manager
Dariia's decades in Email Deliverability and Sales have allowed her to successfully manage diverse business clients. For years now, she proves that there are no issues not to be fixed. Dariia speaks for the synergy of new-level email analysis technology and a human approach to improving email performance.