You don't have to move to DKIM right away – the major ISPs aren't using it yet. Yahoo! and Gmail appear to still use DK. However, they are expected to add support for DKIM soon. So get ready:

1. Make sure you have a Mail Transfer Agent (MTA) that's capable of signing mail. If you don't, get a new one. There are a lot of great open source MTAs and commercial MTAs that can do this. If you aren't signing with DK today it is strongly recommend that you do.

2. Make sure you know which domains you want to sign and where all the mail for those domains are being sent from. Note: you should be signing all mail from domains that look like they come from you. This is a big mistake that emailers are making all the time. Ask yourself, "What domains are most closely tied to my brand?" and "What domains would cause the most harm if they were spoofed?" If you don't sign some of your emails you are leaving a huge opening for phishers. It's a little like having a fancy alarm system on every door in the house and then leaving the back door wide open. If you aren't going to lock everything down it's almost not worth bothering.

3. If you aren't already convinced, authenticate! As George Bilbrey wrote last month, authentication is crucial to making email better and safer for all. It's not a panacea for deliverability, but it is still a very important part of keeping your email infrastructure in good working order. If you need help with current authentication standards, check out Return Path's step-by-step guide.

Source: Return Path