DKIM Config Manual - Klaviyo

DKIM Setup | Duration: 5 min

What is DKIM?

DKIM (DomainKeys Identified Mail) is a method used to verify the authenticity of email messages. It adds a digital signature to outgoing emails, allowing the recipient's email server to verify that the email was indeed sent by the claimed domain and that it hasn't been modified in transit. Using DKIM helps to protect against email spoofing and phishing attempts, enhancing the overall security and trustworthiness of your email communications.

DKIM is one of the trio of authentication methods (SPF, DKIM and DMARC) that help prevent attackers from sending messages that look like they come from your domain.

Rotate’s Recommendation

Our cybersecurity experts recommend that your DKIM record meet the following:

  1. The signing algorithm should be rsa-sha256.

💡 RSA-SHA256 is recommended for DKIM because it combines RSA signatures with SHA-256 hashing, giving strong authentication and data-integrity guarantees that protect against email spoofing and phishing.

  2. The DKIM key should be at least 2048 bits long.

💡 A DKIM key length of at least 2048 bits significantly enhances security against brute-force attacks, keeps pace with technological advances, and ensures compliance with evolving cryptographic standards, thereby preventing email spoofing and phishing more effectively.

Configure Your DKIM

  • Permitted user types for the configuration change:
    • Owner, Admin, Manager, Campaign coordinator
  1. Company Name (bottom left corner) → Settings → Email tab → Domains → Add (Branded sending domain)
    1. Root domain: your domain (same as website)
    2. Sending domain: subdomain for sending emails (e.g. send, email)
    3. Routing: Select Static (assigns one specific routing path as sender)
  2. Select your DNS provider and configure accordingly (log in → DNS management → return to Klaviyo and click Next)
    1. Add all prompted records to your DNS provider, in order
    2. Test your records using the “Verify records” button
    3. Activate
  3. Make sure that the DMARC record’s subdomain flag is set to “sp=none” (when omitted, it defaults to the value of the “p” flag)

Source: https://help.klaviyo.com/hc/en-us/articles/115000357752
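
To confirm that a published record meets the two recommendations above, here is an added example (not Klaviyo's or Rotate's code) that checks a DKIM TXT record value and, optionally, a DKIM-Signature header from a delivered message. It assumes you have already looked up the TXT value your selector resolves to; `sample_record` is a hypothetical helper that builds constructed placeholder keys so the script runs offline.

```python
import base64

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(p_b64):
    """Bit length of the RSA modulus inside a DKIM p= value (SubjectPublicKeyInfo)."""
    der = base64.b64decode(p_b64)
    _, spki, _ = _tlv(der, 0)              # outer SEQUENCE
    _, _, alg_end = _tlv(der, spki)        # AlgorithmIdentifier, skipped
    tag, bits, _ = _tlv(der, alg_end)      # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, key, _ = _tlv(der, bits + 1)        # +1 skips the unused-bits octet
    _, n_start, n_end = _tlv(der, key)     # first INTEGER is the modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def parse_tags(value):  # split "tag=value; tag=value", dropping whitespace inside values
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def check_dkim(record_txt, signature_header=None, min_bits=2048):
    """Return a list of findings; an empty list means both recommendations hold."""
    findings, rec = [], parse_tags(record_txt)
    if rec.get("k", "rsa") != "rsa":       # k= defaults to rsa when absent
        findings.append("key type is %s, not rsa" % rec["k"])
    elif not rec.get("p"):
        findings.append("p= is empty (key revoked)")
    elif rsa_modulus_bits(rec["p"]) < min_bits:
        findings.append("RSA key is %d bits, below %d" % (rsa_modulus_bits(rec["p"]), min_bits))
    if signature_header is not None and parse_tags(signature_header).get("a") != "rsa-sha256":
        findings.append("signature a= is not rsa-sha256")
    return findings

def _der(tag, body):  # DER-encode one element; used only to build the constructed samples
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_record(bits):
    """Constructed DKIM record with a placeholder modulus of the given size (not a usable key)."""
    modulus = _der(0x02, ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption OID + NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + _der(0x30, modulus + _der(0x02, b"\x01\x00\x01"))))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

For example, `check_dkim(sample_record(1024))` reports the short key, while a 2048-bit record paired with an `a=rsa-sha256` signature header returns no findings.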

Frequently Asked Questions

Add-On
What is the Email Add-On?

The Email Add-On is a tool designed for Gmail and Outlook that helps you identify and manage malicious emails, including spam, phishing attempts, and malware. It enhances your email security by reporting suspicious emails and managing your personal spam list.

Mail Rules
Why are mail rules a security risk?

Mail rules can be exploited to exfiltrate data, hide security alerts, or modify incoming messages. Attackers often use forwarding rules to silently send emails to external accounts or create rules that auto-delete security notifications, making it harder to detect compromises.

Posture
Why is email security important?

Email is a common attack vector for phishing, spoofing, and other cyber threats. Properly configured DMARC, DKIM, and SPF records help prevent unauthorized parties from sending emails on behalf of your domain, protecting your organization from email-based attacks.

Scanning & Detection
What actions can I take on a malicious email?

When a malicious email is detected, you can take the following actions:

  • Block the email to remove it from the user’s inbox.
  • Release the email after it’s been blocked, putting it back in the inbox.

Can I deactivate Rotate Mail Scanning on a specific mailbox?

Yes, you can exclude specific mailboxes from Rotate Mail Scanning. In the Email Hub, open the Configurations tab, go to Users, and choose the users to exclude.

Email Hub
What does Email Threats mean?

  • Phishing: A type of cyberattack where attackers impersonate legitimate organizations via email or websites to steal sensitive information like passwords or credit card numbers.
  • Financial Fraud: Illegally obtaining money or assets through deceptive means, such as credit card fraud, investment scams, or identity theft.
  • BEC (Business Email Compromise): A type of cybercrime where attackers impersonate company executives or employees to trick others into transferring money or sensitive information, often through email.
  • Malware: Malicious software designed to harm, exploit, or otherwise compromise the data or functionality of a computer, network, or device. Examples include viruses, trojans, and ransomware.
  • Spam: Unsolicited and often irrelevant or inappropriate messages, typically sent in bulk, usually through email. Often used for advertising or spreading malicious content.