What is DKIM?

DKIM stands for DomainKeys Identified Mail. It is a method of email authentication that lets senders protect email content against undetected alteration during the delivery process.

It’s based on public key cryptography, and it works by adding a digital signature to the message header. When the receiver gets an email with DKIM, they check the digital signature to make sure it is valid. If it is, then they know the message has remained unaltered during the transfer.

How Does DKIM Work?

In the DKIM authentication process, the sender’s domain generates a pair of cryptographic keys. When an email is sent, the sending server uses the private key to add a DKIM signature to the message header.

The sender’s domain publishes the public key in a DNS record. Upon receiving the email, the recipient’s server retrieves the DKIM signature, queries the DNS for the public key, and verifies the signature’s integrity by comparing it to a computed hash of the email’s headers and body. If the signature is valid, the email is considered authentic and unaltered, protecting against forgery and tampering.

What is a DKIM record?

A DKIM record is a DNS record that you add to your domain’s DNS settings to publish your DKIM public key. It tells receiving mail servers that your messages come from an authenticated source and allows them to verify that a message has not been altered en route to its destination.

DKIM signature

A DKIM signature is a cryptographic signature added to the header of an email message that verifies its authenticity and ensures it has not been tampered with during transit.

DKIM selector

A DKIM selector is a unique identifier for a DKIM signing domain. It is an alphanumeric string defined in the s= tag of your DKIM email header, and it should be distinguishable and different for every email vendor you use.

For example, in the DKIM record s1._domainkey.domain.com, s1 is your selector.

DKIM Record Example