Sender authentication in EmailLabs vs DKIM key

Natalia Zacholska, 23 September 2021

With authentication, both your domain and mailings will be adequately protected against possible phishing and third-party exploitation of your server. EmailLabs allows you to authenticate email addresses and domains. Authorization can be done in the EmailLabs panel, in the Admin Sender Authorization tab.

Sender authentication and the DKIM key

Sender Authentication is a feature that allows you to authorize a domain and an email address that you use to send mail via EmailLabs. When authorizing a domain, the EmailLabs system generates a unique entry that must be added to the DNS settings of the selected domain. This entry authorizes the domain and adds the DKIM key, which acts as additional authentication for your mailings. This allows the authorized domain to sign your emails with its DKIM key. However, if you decide to authenticate only your email address, bear in mind that emails will be automatically signed with the domain that contains the EmailLabs DKIM key.

Which domain and DKIM key are used to sign the email? It depends on the authorization process used by the client.

Situation #1 Authorizing domain From

When you authorize the From domain, you also authorize all email addresses on this domain in the EmailLabs panel. Therefore, you do not need to authorize them individually (it is recommended to remove individually authorized addresses and leave only the domain authorization).

As a result of this authorization, all messages sent from email addresses hosted on the domain are signed with its key.

If you have authorized multiple From domains in your EmailLabs panel, then each domain signs “its” emails, i.e. messages sent from an email address that is set on that domain.

Situation #2 Authorizing a From address

If you don’t want to or can’t authorize the From domain in the EmailLabs panel, authorize individual email addresses instead (only existing email addresses can be authorized).

Email addresses authorized in this way are automatically signed with the system domain EmailLabs:

If you do not want your messages to be marked with the signature, and you have access to your domain’s DNS settings – performing such authorization will replace the with your domain.

Situation #3 Default Key Option

When authorizing a From domain, you can use the Default Key option.

A domain with this status signs messages sent from authorized Email addresses (replacing the signature with the domain’s signature).

Sender Authorization Form in EmailLabs panel

Domain authorization is done by placing a DKIM record in DNS. The domain authorization form (Sender Authorization tab) contains several fields. Below is an explanation of each parameter.

  • domain from: the domain used in the from address, from which messages will be sent and which is to be authorized, e.g. … or … Note: we recommend the use of a subdomain, as a CNAME entry must be placed in the DNS records to authorize the domain;
  • auxiliary description: an additional designation/description of your domains in the EmailLabs panel. This description is administrative information visible only in the EmailLabs panel.
  • selector: in this field, enter the selector you want to use to identify the DKIM key in your domain, e.g. “plpl”. The selector must be at least 3-4 characters long; both numbers and letters can be used. The selector is the label under which the DKIM key is looked up in DNS records.

Default key (for email addresses) – if you want to sign your authorized EMAIL ADDRESSES with the DKIM key associated with a specific domain, add it to the Domain Authorization tab and mark it as default.


After completing the form, the generated CNAME type record must be added to the DNS of the domain you entered during authorization. The entry will be available after saving the form.

Example for domain: CNAME

Example for a domain: CNAME
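To see which of the situations above applies to a delivered message, read the d= (signing domain) and s= (selector) tags of its DKIM-Signature header: the key is looked up in DNS at `<selector>._domainkey.<domain>`. The following is an added example, not EmailLabs code. It only reads the tags and does not verify the signature, and its function names, the domains `news.example.com` and `esp-system.example` and the selector `sel1` are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages. news.example.com, esp-system.example and the
# selector "sel1" are placeholders, not real EmailLabs values.
OWN_DOMAIN_MSG = (
    "From: Shop <offers@news.example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=news.example.com; s=plpl;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: test\n\nbody\n"
)
SYSTEM_DOMAIN_MSG = (
    "From: Shop <offers@news.example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=esp-system.example; s=sel1;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: test\n\nbody\n"
)

def dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def signing_report(raw_message):
    """For each DKIM signature, return the signing domain, the DNS name of
    its key and whether that domain matches the From domain."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    report = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(value)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        # Simplified match: d= equals the From domain or is a parent of it.
        aligned = bool(d) and (from_domain == d or from_domain.endswith("." + d))
        report.append({"d": d, "key_name": f"{s}._domainkey.{d}", "aligned": aligned})
    return from_domain, report

if __name__ == "__main__":
    for raw in (OWN_DOMAIN_MSG, SYSTEM_DOMAIN_MSG):
        print(signing_report(raw))
```

A message whose report shows `aligned` as false is being signed with a domain other than the From domain, which is what Situation #2 describes.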
