DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to each message so receivers can verify it wasn't altered and that it was authorized by your domain.
Definition and examples
DKIM (DomainKeys Identified Mail) is an email authentication method that uses public-key cryptography to verify that email messages are authentic and haven't been tampered with during transit. DKIM works by adding a digital signature to each outgoing email message, which receiving mail servers can validate against a public key published in the sender's DNS records. This cryptographic verification provides strong evidence that the message originated from an authorized source and maintains its integrity throughout delivery. Unlike SPF, which validates the sending IP address, DKIM focuses on message integrity and domain authorization through cryptographic signatures. This makes DKIM particularly valuable for protecting against email content manipulation and providing a reliable method for recipients to verify message authenticity, ultimately improving email deliverability and inbox placement.
Why it matters
DKIM gives receiving servers proof that the message is intact and associated with your domain. That makes spoofing harder and gives legitimate mail a stronger foundation for deliverability.
How DKIM works
A typical DKIM setup starts with a public and private key pair. The public key is published in DNS under a selector, the private key stays with the sending service, and each outgoing message is signed so receiving servers can verify that it came from an authorized source and was not altered in transit.
Common mistakes
Wrong selector or host: DKIM records live at {selector}._domainkey.example.com, not at the root domain.
Formatting issues: line breaks or stray characters in the p= value cause validation failures. Paste the key exactly as provided.
Not rotating keys: long-lived keys increase risk. Use selectors to rotate without downtime.
Domain misalignment: a message can pass DKIM but still fail DMARC if the d= domain doesn't align with the visible From domain. Adjust DMARC alignment or your signing domain.
Multiple senders, one selector: give each sender its own selector to avoid conflicts during rotation or provider changes.
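An added example (not code from this page or from any mail provider) that lints a DKIM setup for three of the mistakes above: it derives the DNS lookup name from the signature's s= and d= tags, checks the p= value for stray characters, and tests whether d= aligns with the From domain. The header, record and domains are constructed samples, and relaxed alignment is approximated with a parent/subdomain check instead of the Public Suffix List.

```python
import base64
import binascii

# Constructed sample data (not from the page): a DKIM-Signature value, the
# visible From domain, and a key record with a stray line break inside p=.
SIG = "v=1; a=rsa-sha256; d=mail.example.com; s=s2024; bh=AAAA; b=BBBB"
FROM_DOMAIN = "example.com"
GOOD_TXT = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"\x30" * 48).decode()
BAD_TXT = GOOD_TXT[:40] + "\n" + GOOD_TXT[40:]

def parse_tags(value):
    """Split a DKIM tag=value list (header or TXT record) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            # Split on the first "=" only: base64 padding also uses "=".
            name, _, val = part.partition("=")
            tags[name.strip()] = val.strip()
    return tags

def query_name(sig):
    """DNS name where a receiver looks up the public key."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def record_problems(txt):
    """Return a list of problems found in a DKIM key record."""
    rec, problems = parse_tags(txt), []
    p = rec.get("p")
    if p is None:
        problems.append("missing p= tag")
    elif p == "":
        problems.append("empty p= (key revoked)")
    else:
        try:
            # Strict lint: any whitespace or non-base64 character is flagged.
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not clean base64")
    return problems

def aligned(sig, from_domain, strict=False):
    """DMARC alignment of d= with the From domain.
    Assumption: relaxed mode is approximated by a parent/subdomain check."""
    d, f = sig["d"].lower(), from_domain.lower()
    if strict:
        return d == f
    return d == f or d.endswith("." + f) or f.endswith("." + d)
```

With the sample data, the signature aligns with example.com in relaxed mode but not in strict mode, which is the "DKIM passes, DMARC fails" case when a policy requires strict alignment.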
Key takeaways
DKIM provides cryptographic verification of email message integrity and domain authorization through digital signatures
Proper DKIM implementation requires careful DNS configuration, secure key management, and regular rotation procedures
DKIM works best as part of a complete authentication stack with SPF and DMARC for maximum deliverability benefit