DomainKeys Identified Mail (DKIM) is a method for email authentication. DKIM uses public-key cryptography to allow the sender to electronically sign legitimate emails. With DKIM, the receiving mail server can verify that a message actually comes from the domain that it claims to come from. DKIM also tells the receiver that the contents of the message were not altered since the time that the signature was placed.

The purpose of DKIM is to make it impossible for spammers to send messages that pretend to come from your domain. The senders of spam often use fake email domains to increase their opening and delivery rates or for phishing attempts. DKIM helps mail servers to verify the identity of the sender and reliably determine if the email comes from a legitimate source. Ultimately, your emails are more likely to reach the inbox.

How It Works​

DKIM adds a digital signature to the header of each email. This signature is encrypted. The encrypted signature is stored in the Domain Name System (DNS) of the sendout system. The receiving mail server performs a DKIM check to verify that the message is signed and associated with the correct domain.

The DKIM signature is registered, on request, when a Mapp Engage system is set up. This DKIM signature may differ from the actual domain of your Mapp Engage system.

Your contacts do not see the DKIM signature in their inboxes.

Related Topics​

DKIM authentication is best practice for email senders. However, DKIM is only one aspect of email authentication and security. DKIM does not ensure that the contents of the email are safe, and it does not tell the receiver how to handle the email. For more information, see the following topics:

DKIM Sendout Process (Simplified)​

  • An encrypted signature is stored in the DNS of the sender.
  • During every sendout, an encrypted signature is added to the email header. Email recipients do not see this signature.
  • When the email arrives at the receiving email server, the provider checks whether the sender uses a DKIM signature. If the sender is clearly identified by the DKIM signature, this increases the likelihood of that the message is actually delivered to the inbox of the recipient. If the key does not match the stated sender, the message is usually labeled as spam.

Sendout Domains with DKIM​

You should only send emails from Mapp Engage with a domain that has a DKIM key stored on the DNS of that domain. You can use the delegated system domain or the associated main domain.

Example: is your delegated system domain

  • is acMapp Engagetable as a sendout domain because this is your delegated system domain.
  • is acMapp Engagetable as a sendout domain because this is the main domain.
  • is not acMapp Engagetable for sendout, because this is a different domain.


If you want to start sending from other domains, these domains need DKIM, too. Contact your customer representative for help.

Using an email domain that does not have a DKIM signature results in a lower deliverability rate. Always send from domains that have a DKIM signature. You can change the local part of the sendout address (the part before the @). The local part of the address is not a part of the DKIM signature. For more information, see ​Reply Handling (tab)​.