DKIM Testing for Agencies
How digital and marketing agencies use DKIM testing to manage email authentication across multiple client domains and maintain deliverability.
Last updated: 2026-01-28
When you manage email for dozens of clients, DKIM problems multiply fast. One misconfigured record can tank a client's campaign. Worse, you might not find out until they're asking why their emails aren't getting delivered.
The Agency Challenge
Agencies face unique email authentication challenges:
Multiple clients, multiple domains: Each client has their own domain with its own DKIM configuration. That's dozens or hundreds of DKIM records to track.
Varying technical access: Some clients give you full DNS access. Others make you submit changes through their IT team. Some have no idea what DNS even is.
Different email stacks: Client A uses Mailchimp, Client B uses HubSpot, Client C uses Klaviyo. Each has different DKIM selectors and setup processes.
Accountability without control: You're responsible for email performance, but you often can't directly fix DNS issues.
The most common agency DKIM problem: assuming it's set up when it isn't. Always verify—never assume.
How DKIM Testing Helps Agencies
Client onboarding verification
Before launching any campaigns, verify DKIM is properly configured. Catch issues during onboarding, not after the first send.
Multi-client monitoring
Check all your clients' DKIM records from one place. Identify which domains have issues without logging into each DNS provider.
Quick troubleshooting
When a client reports deliverability issues, check DKIM first. It's often the culprit and easy to diagnose.
Documentation for handoffs
Generate reports showing DKIM status for client reviews or when transitioning accounts.
The Agency DKIM Workflow
During Client Onboarding
Audit existing setup
Check if the client already has DKIM configured. Note which selectors exist and which services they're for.
Document DNS access
Determine how you'll make DNS changes. Direct access? IT ticket system? Client makes changes you request?
Configure for your tools
Set up DKIM for whatever email platforms you'll use (Mailchimp, HubSpot, etc.). Get the DNS records you need to add.
Request or add records
Add the DKIM records to DNS. If you need the client to do it, provide clear instructions.
Verify before sending
Test the DKIM record before launching any campaigns. Don't assume—verify.
Regular Maintenance
Weekly: Spot-check a few client domains, especially those with active campaigns.
Monthly: Full audit of all client DKIM records. Look for any that have disappeared or changed.
Before major campaigns: Always verify DKIM for the specific domain you're sending from.
When Things Go Wrong
Client emails going to spam? Check DKIM first:
- Test the DKIM record for the sending domain
- Verify the selector matches what the email service uses
- Check the email headers for DKIM pass/fail results
- If DKIM is failing, identify whether it's a DNS issue or email service configuration
Keep a master list
Maintain a spreadsheet for each client: domain, DKIM selectors, which email services use which selectors, and when you last verified. This saves hours of troubleshooting.
Managing Multiple Selectors
Most clients end up with multiple DKIM selectors:
| Service | Common Selectors | Notes |
|---|---|---|
| Google Workspace | google, google2 | Employee email |
| Microsoft 365 | selector1, selector2 | Employee email |
| Mailchimp | k1, k2, k3 | Marketing campaigns |
| HubSpot | hs1, hs2 | Marketing automation |
| Klaviyo | kl, kl2 | E-commerce marketing |
| SendGrid | s1, s2 | Transactional email |
When auditing a client, check for all selectors they might be using, not just the ones you set up.
Talking to Clients About DKIM
Some clients will ask what DKIM is and why it matters. Here's how to explain it:
For non-technical clients: "DKIM is like a digital signature that proves your emails are legitimate. Without it, Gmail and other providers might think your emails are spam."
For technical clients: "DKIM adds a cryptographic signature to outgoing emails. Receiving servers verify this signature against a public key in your DNS. It's required by major email providers for bulk sending."
When requesting DNS access: "I need to add a TXT record to your DNS for email authentication. This helps ensure your marketing emails reach the inbox instead of spam."
The Full Email Authentication Stack
For client email deliverability, DKIM is one of three essential configurations:
SPF: Authorizes which servers can send email for the domain. Check at spfrecordcheck.com.
DKIM: Adds cryptographic signatures to verify email authenticity.
DMARC: Sets policy for how failures should be handled. Check at dmarcrecordchecker.com.
All three should be configured for every client. When onboarding a new client, audit all three.
Scaling Agency Email Management
As your agency grows, manual DKIM checks become unsustainable. You need:
- Automated monitoring: Get alerts when a client's DKIM breaks instead of finding out when campaigns fail
- Centralized dashboard: See all clients' email authentication status in one place
- Historical tracking: Know when configurations changed so you can correlate with deliverability issues
Related Articles
Monitor Your DKIM Records
Checking once is good. Monitoring continuously is better. The Email Deliverability Suite watches your SPF, DKIM, DMARC, and MX records daily and alerts you when something breaks.
Never miss a DKIM issue
Monitor your SPF, DKIM, DMARC and MX records daily. Get alerts when something breaks.
Start Monitoring