1. Make sure that the sending systems you use support DKIM.

  2. Make sure that the emails are DKIM signed.

  3. Make sure that the signing domain aligns with the “From” domain.

  4. Make sure that you use a DKIM key size over 1024 bits (a 2048 bit key is advisable)

  5. Make sure, where possible, that the DKIM selectors you choose closely identify the sending service so you can distinguish between them.

  6. Make sure to revoke any keys that have been compromised.

  7. Make sure that the DKIM keys you manage are rotated on regular basis.

  8. Make sure that the DKIM key syntax is correct.

  9. Make sure that there exists a public key for each corresponding private key that signs your emails.

Did this answer your question?