Summary
When using shared DKIM signatures or sending infrastructure, the email sending practices and authentication setup of one customer can significantly impact the deliverability of other customers. This is primarily due to the shared reputation associated with the DKIM signature, IP address, and overall sending infrastructure. Poor sending practices, such as spamming, or compromised/misconfigured DKIM records by one customer can negatively affect the reputation and thus the deliverability of all other customers sharing the same DKIM signature or infrastructure. ISPs and mail providers often treat shared DKIM signatures as a single entity, meaning a negative impact on one sender affects everyone sharing that signature, irrespective of their individual sending behavior. Proper authentication, careful customer vetting, and continuous reputation monitoring are essential to mitigate these risks.
Key findings
- Shared Reputation is Key: Shared DKIM signatures and sending infrastructure result in a shared sender reputation. Actions of one impact all others using the same signature/infrastructure.
- Single Point of Failure: Using a single DKIM key for multiple customers creates a single point of failure. Compromised accounts or poor practices of one customer will impact others.
- Importance of Good Authentication: Proper SPF, DKIM, and DMARC implementation are crucial for email authenticity and deliverability. Faulty DKIM can cause deliverability issues across shared infrastructures.
- ISPs Treat Shared Signatures as Single Entity: ISPs and mail providers often view shared DKIM signatures as a single entity; a negative impact on one sender affects all others using it.
Key considerations
- Key Isolation: Consider implementing separate DKIM keys for different customers or mail streams to prevent cross-contamination of reputation.
- Strict Customer Vetting: Implement stringent vetting processes for new customers to minimize the risk of poor sending practices affecting shared infrastructure reputation.
- Consistent Reputation Monitoring: Continuously monitor sender reputation to identify and address potential issues. Tools should monitor domain and IP reputation metrics.
- Strong Authentication Policies: Enforce strict policies regarding email authentication (SPF, DKIM, DMARC) to minimize risks and ensure that customer emails are authenticated correctly.
- Careful Consideration of Shared Infrastructure: If using shared infrastructure (IPs, sending domains), be aware of the inherent risks to sender reputation.
What email marketers say
9 marketer opinions
Sharing DKIM signatures across multiple customers can significantly impact email deliverability due to shared reputation. The sending practices of one customer can affect the deliverability of others using the same DKIM signature or shared infrastructure. A negative reputation stemming from spammy behavior or compromised accounts can lead to blacklisting and reduced inbox placement for all associated senders, even if their individual practices are sound.
Key opinions
- Shared Reputation: Shared DKIM signatures or sending infrastructure creates a shared reputation; the actions of one customer directly impact the deliverability of others.
- Single Point of Failure: Using a single DKIM key for multiple customers creates a single point of failure. A compromised account or poor sending practices from one customer can negatively impact the deliverability of all other customers using the same DKIM signature.
- Impact of Poor Practices: Poor sending practices, such as spamming or failing to authenticate emails correctly, can lead to blacklisting and reduced inbox placement.
- ISP Perception: ISPs view shared DKIM signatures as a single entity; if one sender is blacklisted, all using that signature suffer.
Key considerations
- Reputation Monitoring: Continuously monitor sender reputation to identify and address potential issues that could negatively impact deliverability.
- Customer Vetting: Implement stringent vetting processes for new customers to minimize the risk of poor sending practices affecting the shared reputation.
- Separate DKIM Keys: Consider using separate DKIM keys for each customer to isolate reputation and prevent one customer's behavior from impacting others. While this adds complexity, it offers greater control.
- Authentication Setup: Properly configure sender authentication (SPF, DKIM, DMARC) to help prove your emails are genuine and reduce the risk of being marked as spam.
Marketer view
Email marketer from Email Geeks shares that if there are lots of bad senders, they may give your domain a bad reputation, which will apply to all with that domain. If not, you're probably fine as-is, but that can always change.
6 Jan 2022 - Email Geeks
Marketer view
Email marketer from SparkPost shares that while DKIM helps authenticate emails, a sender's reputation also plays a crucial role in deliverability. If a customer shares a DKIM signature and engages in poor sending practices, it can negatively impact the reputation and deliverability of other customers sharing the same signature.
10 Mar 2024 - SparkPost
What the experts say
5 expert opinions
Sharing DKIM signatures across multiple customers in a shared sending infrastructure creates a shared responsibility and reputation. If one customer engages in poor sending practices or has a faulty DKIM setup, it reflects negatively on the DKIM signing entity and can impact the deliverability of all customers using that infrastructure or key. DKIM helps identify the entity responsible for the email, and a poor reputation associated with that entity can affect deliverability regardless of individual customer practices. Proper DKIM authentication and managing mail stream identifiers are critical for maintaining a good reputation.
Key opinions
- Shared Responsibility: DKIM identifies the entity taking responsibility for the email, and poor sending practices by one customer reflect on all sharing that DKIM signature.
- Impact of Poor Practices: Spammy behavior or faulty DKIM setup by one customer can lead to deliverability problems for all sharing the infrastructure or DKIM key.
- Mail Stream Identifiers: MBPs use mail stream identifiers (DKIM d= values, IP addresses, etc.) to predict mail quality, so reputation is key.
- Importance of Authentication: Proper DKIM authentication is crucial; misconfigured or misused DKIM can cause deliverability issues across shared infrastructures.
Key considerations
- DKIM Key Management: Carefully manage DKIM key usage to avoid shared reputation problems. Consider separate keys for different customers or mail streams.
- Sender Vetting: Vetting new senders to ensure they implement good email sending practices is very important.
- Proactive Monitoring: Monitor sender reputation and implement practices that reduce risk to sender reputation
- Infrastructure Choices: Carefully consider the impact on reputation of using a shared infrastucture. It may be better to have individual dedicated setups.
Expert view
Expert from Email Geeks shares that signing with your own key as well as your customers' keys (or just your customers') is a choice. Signing with your own key makes things easier, and if your customers are generally good, it may help with delivery, especially when onboarding new customers.
27 Oct 2021 - Email Geeks
Expert view
Expert from Email Geeks explains that DKIM provides an identifier for an entity taking responsibility for the email. If some customers send unwanted mail, it reflects badly on the DKIM signing entity and its other customers.
24 Oct 2022 - Email Geeks
What the documentation says
4 technical articles
Sharing a DKIM key across multiple domains or customers in a shared environment poses deliverability risks. When a customer's DKIM is compromised, misused, or improperly implemented, it negatively impacts the overall sending reputation of the shared infrastructure. This affects all users, as recipient email systems lose trust in the domain's authenticity. SPF, DKIM, and DMARC work together to ensure deliverability; a failure in one impacts the entire system.
Key findings
- Shared Infrastructure Risk: Shared DKIM in multi-customer environments creates a shared reputation risk; one customer's actions affect all.
- Compromised DKIM Impact: Compromised or misused DKIM negatively affects the sending reputation, impacting other customers sharing the same infrastructure.
- Authentication Importance: Proper implementation of SPF, DKIM, and DMARC is crucial for email authentication and deliverability.
- Reputation Issues: Poor sending practices by one entity sharing a DKIM key can negatively impact the reputation of all others using the same key.
Key considerations
- Key Isolation: Consider implementing separate DKIM keys for different customers to prevent reputation bleed-over.
- Proper Implementation: Ensure all customers properly implement SPF, DKIM, and DMARC to maintain trust with recipient email systems.
- Reputation Monitoring: Monitor the sending reputation of all customers and the shared infrastructure to identify and address any issues promptly.
- Policy Enforcement: Enforce strict sending policies to prevent customers from engaging in practices that could harm the shared reputation.
Technical article
Documentation from Microsoft Learn explains that implementing SPF, DKIM, and DMARC helps ensure that recipient email systems trust messages sent from your domain. In a shared environment, if one customer fails to properly implement these, it can affect the reputation of the shared sending infrastructure, impacting other users' deliverability.
9 Apr 2025 - Microsoft Learn
Technical article
Documentation from Google Workspace Admin Help explains that DKIM helps prevent spoofing by verifying the domain from which an email is sent. When one customer's DKIM is compromised or misused, it can negatively affect the sending reputation of the shared infrastructure, impacting other customers.
22 Jan 2025 - Google Workspace Admin Help
Can I use DMARC with shared IP addresses?
Do DMARC and BIMI require p=reject to be present on the organizational domain?
Does UCE Protect Level 3 at an ESP affect delivery to major ISPs like Hotmail or Office 365?
How do ESPs manage IP pools and how does it affect deliverability?
How do shared IP pools and sending domains impact email sender reputation for ESPs?
How does customer DKIM signing impact ESP domain reputation in Google Postmaster Tools?
