DKIM

DKIM, or DomainKeys Identified Mail, is an email authentication method designed to detect tampering and verify that a message originates from the claimed domain. It achieves this by attaching a digital signature to outgoing mail, verifiable by recipients using public key cryptography.

How it works: The sending server uses a private key to generate a cryptographic signature over selected header fields and, optionally, the message body. The signature is included in a DKIM-Signature header. The recipient retrieves the corresponding public key from the signer’s DNS records, published as a TXT record under a selector such as selector._domainkey.example.org. The recipient uses that key to verify the signature and confirm that the signed parts have not been altered in transit.

Verification and alignment: The recipient verifies the signature against the public key, checks the canonicalization rules, and ensures the signed components match the received message. DKIM also supports domain alignment checks that are used by DMARC to determine trust when assessing the From header domain.

DNS and deployment considerations: The public key is published in DNS and must be maintained securely. Key rotation and careful selector management are standard practices. DKIM signatures do not encrypt content and do not, by themselves, prevent spoofing unless used in conjunction with DMARC and SPF.

Impact and limitations: DKIM improves authenticity and deliverability, especially when paired with DMARC and SPF. It does not guarantee privacy and can be disrupted by forwarding or message modifications that affect the signature. Effective use typically requires coordination between signing domains and recipient policies.