4

Let's say I own example.com, that I install and configure DKIM on my server (apt-get install opendkim opendkim-tools, etc.), and that I add the relevant public key to the domain's DNS records.

Then when sending email from my server (example: with PHP mail(...) or Postfix), it will have a DKIM signature.

But I also send emails for contact@example.com from Gmail, using the "Send mail as" feature with a SendGrid SMTP.

But I don't see a setting for DKIM in Gmail. Will the mails sent from Gmail be banned / not sent correctly because they're not sent with a DKIM signature?

How can I send email from Gmail for my domain using DKIM? (using the "Send mail as" feature)


Note: this is the "Send mail as" feature I'm speaking about:


(source: slipstick.com)


Glorfindel
  • 1,213
Basj
  • 861

2 Answers

7

DomainKeys Identified Mail (DKIM) is for ensuring that mail content hasn't been tampered with during transmission. Unlike Sender Policy Framework (SPF), it's not trying to validate the source of the message as a permitted sender. RFC 5585, 1.1 DKIM's Scope explains this:

DKIM is intended as a value-added feature for email. Mail that is not signed by DKIM is handled in the same way as it was before DKIM was defined. The message will be evaluated by established analysis and filtering techniques. (A signing policy can provide additional information for that analysis and filtering.) Over time, widespread DKIM adoption could permit stricter handling of messages that are not signed. However, early benefits do not require this and probably do not warrant this.

Therefore, checks regarding DKIM are only performed for emails containing the signature. Unless required by DMARC (which may be considered, among its other purposes, as the stricter handling mentioned), not signing the messages with DKIM wouldn't cause them to be rejected.

Esa Jokinen
  • 52,963
2

SendGrid, Gmail, etc. will sign with the appropriate DKIM Selector, so there won't be any overlap.

For instance, if you're not whitelabeled on SendGrid, they will sign with s=smtpapi, d=sendgrid.net. They have a record at smtpapi._domainkey.sendgrid.net. If you are whitelabeled on SendGrid (and you should be), you'll have created a DNS record, either m1._domainkey.example.com, or s1._domainkey.example.com, which will have the public key, or a CNAME to the public key, respectively. Google Apps uses the selector ga1; I'm not sure what Gmail itself uses. Your own server-sent mail would also use whatever Selector you define when you set up your DKIM.

When a receiving server is validating the DKIM signature, it takes the s= value of the signature into account when it queries for the public key. This is an important feature of DKIM, as it allows you to rotate your public keys for security, as well as allowing you to have ESPs sign on your behalf, or any other need for multiple keys.
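An added example, not part of the answers above: how a verifier turns the s= and d= tags of a DKIM-Signature header into the DNS name it queries, and whether the signing domain exactly matches the From domain (the strict form of the DMARC check mentioned in the first answer). The header values are constructed samples, and the selector "mail" for the self-hosted server is an assumption; smtpapi/sendgrid.net and s1 come from the answer.

```python
import re

# Constructed DKIM-Signature values (bh=/b= are placeholders, not real signatures).
SAMPLES = {
    "own server": "v=1; a=rsa-sha256; d=example.com; s=mail;\r\n\th=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=",
    "sendgrid default": "v=1; a=rsa-sha256; d=sendgrid.net; s=smtpapi;\r\n\th=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=",
    "sendgrid whitelabeled": "v=1; a=rsa-sha256; d=example.com; s=s1;\r\n\th=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=",
}

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        name, sep, val = part.partition("=")  # base64 values may contain '='
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def key_query_name(tags):
    """DNS name where the verifier looks up the public key (TXT record)."""
    missing = [t for t in ("s", "d") if not tags.get(t)]
    if missing:
        raise ValueError(f"signature lacks required tag(s): {missing}")
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def strictly_aligned(tags, from_domain):
    """Exact d= / From-domain match. Relaxed DMARC alignment compares
    organizational domains and needs the Public Suffix List (not done here)."""
    return tags["d"].lower() == from_domain.lower()

def report(samples, from_domain):
    """Map each sample label to (DNS query name, strict alignment result)."""
    result = {}
    for label, value in samples.items():
        tags = parse_tags(value)
        result[label] = (key_query_name(tags), strictly_aligned(tags, from_domain))
    return result

if __name__ == "__main__":
    for label, (qname, aligned) in report(SAMPLES, "example.com").items():
        print(f"{label:22} {qname:34} aligned={aligned}")
```

Each signer gets its own key record because the selector is part of the query name; only the signatures with d=example.com match a From address at example.com.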