Hi, {{first_name|friend}}. 👋

Welcome to Issue #231 of All About Email!

Last time was s all about Preflight, a new email preview tool (and so much more), that I am very excited about!

This week, we take a look at DKIM2, the replacement for DKIM and how it improves on the old standard.

Let’s go! 👇

Preflight QA for Email

Preflight is a new email testing service built with a fresh and opinionated perspective on how modern testing should work.

Check your email accessibility, rendering, and delivery before you send.

Sponsored

Get Your 14-Day Free Trial

Have you ever heard of DKIM2?

I don’t know about you, but in the last couple of weeks, I’ve seen a lot of talk about DKIM2, and if I’m being honest, I had never heard of it. 😳

For years, we’ve relied on the "Big Three" of email authentication: SPF, DKIM, and DMARC. Enter DKIM2, the first major upgrade to email signatures in over a decade.

💪 It’s going to help build a stronger foundation for email security and deliverability, and that’s never a bad thing.

What exactly is DKIM2?

While the original DKIM (now sometimes referred to as DKIM1) tells a receiver "This email came from my domain," it doesn't always handle the journey well.

🚨 If an email is forwarded or slightly modified by a mailing list, the signature often "breaks," causing your message to be sent to the spam folder.

DKIM2 is designed to be resilient. It creates a verifiable "chain of custody" for your email from the moment you hit send until it hits the inbox.

Three Big Wins of DKIM2:

  • Replay Protection: With DKIM1, a hacker “could steal” your valid signature and attach it to a malicious email. DKIM2 uses stricter header signing to ensure a signature only works for its original, intended destination.

  • Forwarding Success: When an email passes through a service that adds a footer or changes the formatting, DKIM2 allows that service to "document" the change. This lets the final receiver verify the original signature without causing it to fail.

  • Modern Cryptography: It’s faster and stronger. DKIM2 supports Ed25519, a modern signing algorithm that provides increased security with much smaller keys, keeping your DNS records lean and mean.

Technical Deep Dive

🤓 If you’re an email geek like me, you can read up on the specifics and follow along with the progress (for example, DKIM2 is heavily influenced by ARC).

If you don’t want to do that, then check out these points:

  • Chain of Custody: Unlike DKIM1, which is "set and forget," DKIM2 signatures can be layered by each "hop" an email takes.

  • Ed25519: The "gold standard" of digital signatures. Significantly faster and more secure than traditional RSA.

  • Standardised Headers: DKIM2 mandates signing a fixed set of headers to prevent "header injection" attacks (for example, the Message-Instance header, which allows intermediaries [like forwarding server]) to "undo" changes and validate the original).

🤷‍♂️ I’m going to make a cautious prediction and suggest you can expect a long period of DKIM and DKIM2 operating side-by-side.

Next Steps?

💡 In this case, being an early adopter could be a very good thing from a security standpoint. Although I won’t be switching just yet.

Mostly because DKIM2 is a draft standard, and dedicated DKIM2 toggle switches in standard mailbox providers (like Gmail, Outlook, etc.) do not yet exist.

However, the architecture being built is designed to co-exist with existing systems.

I also won’t be switching yet because I need to understand DKIM2 better and chat with some people in the Email Geeks Slack.

As of now, DKIM2 is moving from the "experimental" phase to the "best practice" phase, and so you might want to start asking your Email Service Provider (ESP) about their DKIM2 roadmap.

Some Action Items For Now

1️⃣ Get your DKIM sorted:

  • 2048-bit keys

  • Clean setup across all sending sources

  • Proper key rotation

2️⃣ Understand your email flow:

  • What’s modifying your emails?

  • Where are they being forwarded?

  • What sits between the “send” and the inbox?

Because DKIM2 cares about all of that.

💡 You can read up more on DKIM2 Best Practices in the networking group document.

Before You Go

A couple of weeks ago, we took a first look at Preflight. If you haven’t checked it out yet, since then:

  • The free trial has increased from 5 days to 14 days.

  • The website has had a glow-up and conveys what Preflight does better (and it was already pretty good).

  • Excitingly, there is no API in beta!

🎉 In our deep dive into Preflight, I did mention Mark was iterating constantly, so I can’t wait to see what the next couple of weeks hold.

That’s it for this week, {{first_name|friend}}. 👋

All About Email - Playlist 🎧

Every week, as I write this newsletter, I'll share the track of the moment to create an unbelievably eclectic playlist just for your inbox.

Unlock ChatGPT’s Full Power at Work

ChatGPT is transforming productivity, but most teams miss its true potential. Subscribe to Mindstream for free and access 5 expert-built resources packed with prompts, workflows, and practical strategies for 2025.

Whether you're crafting content, managing projects, or automating work, this kit helps you save time and get better results every week.

Get Your Free Resource Kit

Sponsorship Opportunities

🚨 If you’re interested in sponsoring the “All About Email” newsletter, you can find all the details in this Google Doc.

Email Marketing News & Tips

This week's excellent and insightful email news & tips:

If you have any questions about this email or email marketing, please reply, and I will get back to you as soon as possible.

I hope you have a great week! 👋

Reply

Avatar

or to participate

Keep Reading

© 2026 All About Email.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv