What’s the Difference Between SPF and DKIM?

Sujan Patel is the founder of Mailshake, a sales engagement software used by 38,000 sales and marketing professionals. He has over 15 years of marketing experience and has led the digital marketing strategy for companies like Salesforce, Mint, Intuit and many other Fortune 500 caliber companies.
  • February 5, 2024

Did you know that phishing attacks alone are responsible for around 90% of data breaches today?

Online phishing involves people sending emails and pretending to be a reputable company or an agency to get access to victims’ sensitive information like bank details and passwords. 

And to protect against growing spam and phishing attacks, authenticating emails is essential. That’s where email authentication protocols like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) come into play.

These protocols not only protect you from fraud, but also help you improve your email deliverability.

Now that you’re intrigued, let’s take a closer look at what DKIM and SPF are and how they differ from one another. 

What Is DKIM?

DKIM stands for DomainKeys Identified Mail which, as mentioned above, is simply an authentication method explicitly designed to detect when a sender email address has been forged. Forging sender emails is a process known as email spoofing, which is used frequently in email spam and phishing scams. DKIM acts like a gatekeeper to validate the authenticity of email messages.

As each email is sent, it’s signed with a private key, which is validated by the receiving email server or Internet Service Provider (ISP) using a public key called the Domain Name System (DNS). The DNS translates domain names into IP addresses, which is a fancy way of saying it allows you to use your web browser to locate websites and receive emails. Its chief responsibility is ensuring that the email message was not altered during transit. Email altering mid-transit is a genuine problem that occurs more often than you might think.

For example, if you were sending an attachment with your bank account and routing number and didn’t use the correct security protocols, it could be intercepted by a fraudster. Once intercepted, this hacker could insert their own account and routing number and send it back on its way to the intended recipient. The recipient would still think it came from you and will pay the incorrect bank account instead.

With DKIM, the unique private key used to sign emails is stored exclusively on your email server and must be kept secret and secure. If nefarious individuals got their hands on your secret key, they’d have no problem forging your DKIM signatures and using them for fraudulent activities.

Later in the sending and receiving process, ISPs verify the integrity of messages by fetching the corresponding public key from a specific DKIM record stored in your DNS. The cryptography behind the scenes here is the same used in SSL, which guarantees that only messages signed with your special private key are going to pass the public key check.

Another lesser-known benefit that DKIM offers is that ISPs, like Gmail, can use this information to build a reputation score for your domain. If you’ve got top-notch sending practices such as high engagement, low spam, and minimal bounces, you’ll get a higher score, which improves your trust and reputation with ISPs. If you’ve scored low with poor practices, it’s less likely your emails will be delivered correctly, almost guaranteeing that they’ll end up in that lowly spam folder nobody checks.

What is DKIM record?

A DKIM record, existing as a DNS TXT entry, includes a public key crucial for email verification by recipient servers. It incorporates essential elements such as a name, version, and key type. These are usually supplied by your email service provider to authenticate messages.

What Is SPF?

Sender Policy Framework, or SPF, is a way that ISPs such as Gmail and Yahoo can verify that a particular mail server is authorized to send emails for a domain. It’s a whitelist: a list of things considered to be trustworthy or acceptable for services allowed to send emails on your behalf. Similar to DKIM, SPF functions via DNS.

For example, let’s say you use a service like Mailshake to send out marketing emails. You’d then insert a DNS record that includes Mailshake’s mail servers as a whitelisted trusted source to send emails on behalf of your domain.

SPF is critical to verifying who’s allowed to send emails on behalf of your domain and directly impacts your email delivery. Not only do you need it for email marketing and your company email accounts, but it’s also essential for support services such as Helpscout, Zendesk, or anyone else sending emails on your behalf.

What’s the Difference Between SPF and DKIM?

It’s not all that hard for a hacker to figure out how to send email from your domain. To protect yourself from such malicious activity you’ll want to set up both SPF and DKIM.

DKIM is a set of keys that tell IPs you’re the original sender and nobody fraudulently intercepted your email. SPF is a special list, a whitelist, that includes everyone who is authorized to send messages on your behalf. If you’re curious to see this all in action, you can verify whether an email is properly signed with DKIM or passing SPF by checking out the email headers. In Gmail, you can see this by using the “Show Original” option under settings, and at the top you should (hopefully) see PASS next to SPF and DKIM.

In summary, not setting up SPF and DKIM will only waste your company’s time, money, and resources since you’re increasing the chance that your emails will go undelivered. Not to mention you expose yourself to all sorts of fraudulent activity.

Sure, you could always send emails asking people to whitelist you. However, expecting companies to “fix it on their side” and whitelist you will only lead to heartache because most reputable companies will block any messages sent without that additional security and verification that DKIM and SPF provide.

Why Are DKIM and SPF Important for Cold Email?

Cold emails are easy pickings for email spam filters. The recipient doesn’t know you, so they’re more likely to leave your emails unread or mark them spam, which ruins your online reputation. If you’re looking for a way to steer clear of the spam folder, then SPF and DKIM are your allies.

You can think of SPF as a VIP travel pass to the recipient’s inbox. With it, email deliverability increases, and your email is far more likely to avoid bulk email filters and spam inboxes. Having an SPF record also ensures that your reputation stays high because it’s far less likely to get hijacked by fraudsters looking to profit off your good name.

Also, if you’re looking to step up your cold email game by investing in email automation software, you’ll have to hand over the keys to your email account to a third-party provider. Since the email is going through an intermediary, you can count on ISPs to flag it as fraudulent unless you give the proper clearance. That’s where SPF can help – it’s similar to giving your trustworthy friend a key to your house.

DKIM is crucial for cold email as well since it also acts as a key of sorts. It’s not a key to sending emails like SPF, but a key to opening them. DKIM is an invisible signature that ISPs use to form a reputation score, so your email is less likely to end up in the spam folder. The best cold email in the world is worthless if it never reaches its target. Ultimately, SPF and DKIM ensure that your reputation stays high, and that your cold email shows up when and where you want it.

If all this is a bit over your head, don’t worry. What’s important now is that you understand why DKIM and SPF matter and how taking 5 minutes to ensure they’re deployed properly can protect you, boost your reputation with ISPs, and ensure better email deliverability.

Difference Between SPF and DKIM FAQs

What Is SPF and DKIM Used For?

SPF and DKIM are two authentication protocols used to detect email spoofing, which is when a malicious sender pretends to be someone else. They are also used to increase your email deliverability.

Are SPF and DKIM the Same?

While they both are authentication protocols, SPF and DKIM are not exactly the same. 

SPF is used to authenticate the sender and ensure that only authorized servers can send emails from your domain, while DKIM is used to verify that messages haven’t been tampered with in transit.

Do I Need Both DKIM and SPF?

Yes, it is highly recommended to use both DKIM and SPF for a complete email authentication setup. This will protect your domain from malicious activity and improve your deliverability rates.

Can SPF and DKIM Prevent My Emails From Being Marked as Spam?

Yes, SPF and DKIM can prevent your emails from being marked as spam by helping you build a good reputation with email providers. However, they cannot guarantee that your emails will never be marked as spam.

How Do I Set Up SPF and DKIM?

The process of setting up SPF and DKIM can be complex, as it involves configuring two different DNS records. Here is a guide that can help you set up these protocols.

Continue reading

Grow Your Revenue Faster

Automate all your sales outreach with Mailshake.

Book a Demo
Footer CTA