For the Max Classic/Ultimate editions of Keap, please refer to these articles: DKIM and DMARC

What is DKIM?

DKIM (DomainKeys Identified Mail) is a complex email protocol that allows a sender’s identity to be authenticated by the recipient to help combat email fraud. DKIM authentication typically requires ownership or administrative control of the domain in question, which may not be possible for domains like or

How does it work?

DKIM relies on a pair of keys, one public and one private. The public key is published in a DNS record. The matching private key is used to digitally sign the headers of emails that are sent. When the recipient's provider receives the email, it looks up the sender's DNS records and uses the published public key to check the signature, which validates the sender's authenticity. The message can then be delivered to the recipient with confidence that the sender is who they claim to be.


Why is it important?

DKIM affords the greatest assurance that the sender is who they say they are and gives email providers a way to track and hold senders accountable for the messages they're sending. As a result, deliverability of these messages is greater and inbox placement is improved.

What's special about Keap's implementation of DKIM?

Normally, implementing DKIM requires a domain owner to create public and private RSA keys which are used in the authentication process. To make it easier for you to implement DKIM, Keap has eliminated this complexity by creating these keys on your behalf. With this approach, you only need to create a CNAME record in your DNS that points back to the Keap servers, and turn on the function in your Keap account. We've tried to further simplify this process by providing simple, step-by-step instructions directly within your Keap account to help guide you.


How do I set it up?

These instructions require you to create a CNAME entry in your DNS records. If you need help with this step, we recommend you contact your DNS provider, because the steps may vary depending on your provider. Below are links to help articles of several common DNS providers to help you.

  1. Navigate to your Keap settings by clicking your avatar located in the bottom left followed by "Settings"
  2. Click Domains
  3. Under “Email”, if you have an unverified business email address domain associated with your app, it will be listed under the “Suggested” section of the page. Click “+ Connect this domain” to begin the process. Alternatively, you can add a different email domain by clicking the standalone “+ Connect email domain” at the top of the page.

  4. Select your domain provider from the drop-down
  5. Click the "Continue" button

  6. Log in to your domain provider and add the CNAME records provided to your DNS records. If you are unsure how to create and add CNAME records with your DNS provider, please see the links above or contact your DNS provider for assistance.
    1. Create a new CNAME record in your provider for each row shown
    2. Copy and paste the text into the “Name” or “Host” field
    3. Copy and paste the text into the "Value" or "Points to" field
  7. Click "Confirm" after the information has been saved in your domain provider.
  8. You will then be taken back to the Domains home page, and your new domain will be displayed with a Pending status. The verification process may take up to 48 hours to complete. Once verification is complete, your domain will show Connected.

If your domain authentication is stuck in "Pending"

If you previously had your domain authenticated within Keap and it is stuck in the “Pending” status for more than 48 hours, you will need to click on the edit button (pictured below) and go through the steps above. If you have already copied over the appropriate records, just click confirm when you get to the records page. If your records have been verified, the domain will move into “Connected”; if it is still verifying, it will remain in the “Pending” status until verification is completed.
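
One way to narrow down why a domain stays in "Pending", as an added example that is not Keap's own code: it compares the CNAME rows from the setup screen with the records DNS actually returns and names the usual copy-and-paste mistakes. The selector names, `example.com` and the `provider.invalid` targets are constructed placeholders; substitute the rows shown in your account and the answers from your own DNS lookups.

```python
# Added example: compare the CNAME rows from the setup screen with what DNS
# returns. Every host and target below is a constructed placeholder.

def norm(name):
    """DNS names are case-insensitive; a trailing dot only marks the root."""
    return name.strip().rstrip(".").lower()

def diagnose(expected, observed, domain):
    """expected: {host: target} as displayed on the setup screen.
    observed: {name: (record_type, value)} as returned by your DNS lookups.
    Returns {host: status} for every expected row."""
    domain = norm(domain)
    seen = {norm(n): (t.upper(), norm(v)) for n, (t, v) in observed.items()}
    report = {}
    for host, target in expected.items():
        host, target = norm(host), norm(target)
        # Many DNS control panels append the zone name automatically, so
        # pasting the full host can publish it with the domain doubled.
        doubled = f"{host}.{domain}"
        if host in seen:
            rtype, value = seen[host]
            if rtype != "CNAME":
                report[host] = f"wrong type: {rtype}, expected CNAME"
            elif value != target:
                report[host] = f"wrong target: {value}"
            else:
                report[host] = "ok"
        elif doubled in seen:
            report[host] = f"published as {doubled}: enter the host without the domain"
        else:
            report[host] = "missing (not created or not yet propagated)"
    return report

# Constructed sample data; real rows come from your own setup screen.
EXPECTED = {
    "sel1._domainkey.example.com": "sel1.dkim.provider.invalid",
    "sel2._domainkey.example.com": "sel2.dkim.provider.invalid",
    "sel3._domainkey.example.com": "sel3.dkim.provider.invalid",
}
OBSERVED = {
    "SEL1._domainkey.example.com.": ("CNAME", "sel1.dkim.provider.invalid."),
    "sel2._domainkey.example.com.example.com.": ("CNAME", "sel2.dkim.provider.invalid."),
    "sel3._domainkey.example.com.": ("TXT", "v=DKIM1; k=rsa; p=PLACEHOLDER"),
}

if __name__ == "__main__":
    for host, status in diagnose(EXPECTED, OBSERVED, "example.com").items():
        print(f"{host}: {status}")
```

A row reported as "missing" within the first 48 hours may simply not have propagated yet; the other statuses point to an entry that needs correcting at the DNS provider before you click confirm again.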