What is DKIM?
DKIM (DomainKeys Identified Mail) is an email authentication method designed to detect spoofing, where a message is made to look as if it came from a domain that never sent it. The owner of a domain publishes a public key in DNS and signs outgoing mail with the matching private key, so receivers can check that a message really was sent or authorized by that domain. On its own, DKIM does not stop others from sending mail that claims to be from your domain: it lets receivers tell signed, unaltered mail from everything else, and a DMARC policy then tells them what to do with the rest.
The check works through a digital signature. A DKIM-Signature header is added to the message, computed over the message body and a selected set of header fields with the domain's private key. This is a signature, not encryption: nothing in the message is hidden, anyone holding the public key can verify it, and only the holder of the private key can produce it.
Once the receiving system has determined that the DKIM signature is valid, it knows that the signed parts of the email, that is the header fields listed in the signature and the message body (attachments included, since they are part of the body), have not been modified since signing. Header fields that were not signed are not protected. DKIM signatures are usually not visible to end users; validation is done at the server level, and the outcome is recorded in the message's Authentication-Results header.
Implementing the DKIM standard improves email deliverability, because receivers can attribute signed mail to your domain and its reputation. Protecting your domain against malicious emails sent on its behalf takes more than a DKIM record: DKIM says nothing about mail that carries no signature, so in practice it has to be used together with DMARC (and SPF). DMARC checks that the DKIM signing domain (d=) or the SPF-validated domain aligns with the visible From domain and tells receivers how to treat mail that fails both checks; DMARC Analyzer reports on both the SPF and the DKIM results. Together they give the best result for email security and deliverability.
DomainKeys Identified Mail was formed in 2004 by merging two existing specifications, DomainKeys (created by Yahoo) and Identified Internet Mail (from Cisco).
It developed into a widely adopted authentication technique and was standardized by the IETF, first as RFC 4871 and now as RFC 6376. All leading mailbox providers (Google, Microsoft and Yahoo among them) check incoming mail for DKIM signatures.
DKIM in practice
The DomainKeys Identified Mail signature is generated by the sending MTA (Mail Transfer Agent). It canonicalizes the message body and a chosen set of header fields (typically From, To, Subject and Date), hashes them, and signs the hash with the domain's private key. The result is added as a DKIM-Signature header, which also records the signing domain (d=), a selector (s=) naming the key in use, the list of signed header fields (h=), the hash of the body (bh=) and the signature itself (b=). The hash is not stored in DNS; what the domain publishes in DNS is the public key, as a TXT record at selector._domainkey.domain. After receiving the email, the receiving MTA reads d= and s= from the header, fetches that public key, recomputes the body hash and the hash over the signed headers from the message as it arrived, and uses the public key to check that the signature in b= matches the recomputed hash. If the body hash and the signature both check out, the MTA knows that the signed parts of the email have not been altered and that the signature was produced with the private key of the listed domain. That is what confirms to the receiver that the email was really authorized by that domain.
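To make that exchange concrete, here is an added example in Go (not code from the original page or from DMARC Analyzer) that implements both ends of the flow with the standard library: RFC 6376 relaxed canonicalization of body and headers, the body hash for bh=, signing the selected headers plus the DKIM-Signature field itself with RSA-SHA256, publishing the public key in the p= tag of the TXT record a receiver would fetch at selector._domainkey.domain, and verification. The message, the domain example.com, the selector sel2024 and the in-memory map standing in for DNS are all constructed for the example; a real verifier queries DNS, and real messages can carry repeated header fields, which this one-value-per-name header map does not model.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Message is a minimal mail model: one value per lowercase header name, plus a CRLF-terminated body.
type Message struct {
	Headers map[string]string
	Body    string
}

var (
	wsp  = regexp.MustCompile(`[ \t]+`)
	bTag = regexp.MustCompile(`;\s*b=[^;]*`) // the b= tag, which Sign always writes last
	dns  = map[string]string{}               // constructed stand-in for DNS TXT lookups
)

func b64sha(s string) string { d := sha256.Sum256([]byte(s)); return base64.StdEncoding.EncodeToString(d[:]) }

// relaxedBody: RFC 6376 relaxed body canonicalization (WSP runs to one SP, trailing WSP and
// trailing empty lines dropped, a non-empty body ends in exactly one CRLF).
func relaxedBody(body string) string {
	lines := strings.Split(body, "\r\n")
	for i, l := range lines {
		lines[i] = wsp.ReplaceAllString(strings.TrimRight(l, " \t"), " ")
	}
	if s := strings.TrimRight(strings.Join(lines, "\r\n"), "\r\n"); s != "" {
		return s + "\r\n"
	}
	return ""
}

// relaxedHeader: RFC 6376 relaxed header canonicalization (lowercase name, value unfolded,
// WSP runs to one SP, none at either end); strings.Fields does all of that for ASCII mail.
func relaxedHeader(name, value string) string {
	return strings.ToLower(strings.TrimSpace(name)) + ":" + strings.Join(strings.Fields(value), " ") + "\r\n"
}

// signedData is what gets hashed and signed: the h= headers in listed order, then the
// DKIM-Signature field itself with an empty b= value and no trailing CRLF.
func (m Message) signedData(hList []string, sigValue string) []byte {
	var sb strings.Builder
	for _, n := range hList {
		if v, ok := m.Headers[strings.ToLower(n)]; ok {
			sb.WriteString(relaxedHeader(n, v))
		}
	}
	self := relaxedHeader("DKIM-Signature", bTag.ReplaceAllString(sigValue, "; b="))
	return []byte(sb.String() + strings.TrimSuffix(self, "\r\n"))
}

// parseTags splits a "k=v; k=v" list, the syntax of both the signature header and the key record.
func parseTags(s string) map[string]string {
	tags := map[string]string{}
	for _, part := range strings.Split(s, ";") {
		if kv := strings.SplitN(part, "=", 2); len(kv) == 2 {
			tags[strings.TrimSpace(kv[0])] = strings.Join(strings.Fields(kv[1]), "") // drop folding WSP
		}
	}
	return tags
}

// Sign is the sending MTA's step: hash the body, sign the chosen headers plus the signature
// header itself with the domain's private key, and add the DKIM-Signature field.
func Sign(m *Message, key *rsa.PrivateKey, domain, selector string, hList []string) error {
	sigValue := fmt.Sprintf("v=1; a=rsa-sha256; c=relaxed/relaxed; d=%s; s=%s; h=%s; bh=%s; b=",
		domain, selector, strings.Join(hList, ":"), b64sha(relaxedBody(m.Body)))
	digest := sha256.Sum256(m.signedData(hList, sigValue))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return err
	}
	m.Headers["dkim-signature"] = sigValue + base64.StdEncoding.EncodeToString(sig)
	return nil
}

// Verify is the receiving MTA's step: fetch the key named by s= and d=, recompute the body
// hash, rebuild the signed data and check b= against it with the public key.
func Verify(m Message) error {
	tags := parseTags(m.Headers["dkim-signature"])
	if tags["v"] != "1" || tags["a"] != "rsa-sha256" || tags["c"] != "relaxed/relaxed" {
		return errors.New("missing DKIM-Signature or unsupported v=/a=/c= value")
	}
	der, _ := base64.StdEncoding.DecodeString(parseTags(dns[tags["s"]+"._domainkey."+tags["d"]])["p"])
	pubAny, err := x509.ParsePKIXPublicKey(der)
	pub, isRSA := pubAny.(*rsa.PublicKey)
	if err != nil || !isRSA {
		return fmt.Errorf("no usable RSA key at %s._domainkey.%s", tags["s"], tags["d"])
	}
	if b64sha(relaxedBody(m.Body)) != tags["bh"] {
		return errors.New("body hash mismatch: body altered after signing")
	}
	sig, _ := base64.StdEncoding.DecodeString(tags["b"])
	digest := sha256.Sum256(m.signedData(strings.Split(tags["h"], ":"), m.Headers["dkim-signature"]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return errors.New("signature mismatch: a signed header was altered or the key does not match")
	}
	return nil
}

// RunDemo publishes a key, signs a constructed message and verifies it intact, with an altered
// body and with an altered Subject; it returns the three verification results.
func RunDemo() (intact, bodyTampered, headerTampered error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, err, err
	}
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	dns["sel2024._domainkey.example.com"] = "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
	msg := Message{Headers: map[string]string{"from": "Alice <alice@example.com>", "to": "bob@example.net",
		"subject": "Quarterly report"}, Body: "Hi Bob,\r\n\r\nThe numbers are attached.  \r\n\r\n"}
	if err := Sign(&msg, key, "example.com", "sel2024", []string{"from", "to", "subject"}); err != nil {
		return err, err, err
	}
	forged := Message{Headers: msg.Headers, Body: strings.Replace(msg.Body, "attached", "attached; pay today", 1)}
	intact, bodyTampered = Verify(msg), Verify(forged)
	msg.Headers["subject"] = "Invoice overdue" // a signed header changed after signing
	return intact, bodyTampered, Verify(msg)
}

func main() { fmt.Println(RunDemo()) }
```

Running it, the intact message verifies, the altered body fails on the body hash, and the altered Subject fails on the signature check: the two failure modes a receiving MTA reports separately. Note what DKIM does not do here: nothing stops a sender from signing with a key for some other domain they control, which is why DMARC additionally requires d= to align with the visible From domain.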