What is DKIM?

DKIM stands for DomainKeys Identified Mail. It is a method of email authentication that allows senders to prevent email content from being altered during the delivery process.

It’s based on public key cryptography, and it works by adding a digital signature to the message header. When the receiver gets an email with DKIM, they check the digital signature to make sure it is valid. If it is, then they know the message has remained unaltered during the transfer.

How Does DKIM Work?

How Does DKIM Work?

During the DKIM authentication process, the sender’s domain generates a pair of cryptographic keys, and when an email is sent, the sending server adds a DKIM signature to the message header using the private key. 

The sender’s domain publishes the public key in a DNS record. Upon receiving the email, the recipient’s server retrieves the DKIM signature, queries the DNS for the public key, and verifies the signature’s integrity by comparing it to a computed hash of the email’s headers and body. If the signature is valid, the email is considered authentic and unaltered, protecting against forgery and tampering.

What is a DKIM record?

A DKIM record is a set of machine-level instructions that are added to your DNS settings, and it tells the internet that the messages are coming from an authenticated source, allowing mail servers to verify that a message has not been altered en route to its destination.

DKIM signature

A DKIM signature is a cryptographic signature added to the header of an email message that verifies its authenticity and ensures it has not been tampered with during transit.

Enable DKIM with PowerDMARC

PowerDMARC empowers domain owners to set up DKIM along with hands-on monitoring, that helps them stay on top of errors at all times, ensuring deliverability, while actively combatting cyberattacks. 

Our platform is easy to use for businesses of all sizes and can handle multiple domains and large volumes of email traffic. We provide an effective DKIM solution paired with several other essential email authentication protocols for 360-degree protection against email fraud. 

Get your DKIM and DMARC setup in just minutes with PowerDMARC!

Frequently Asked Questions on DKIM

To set up DKIM, you need to generate a private key and a corresponding public key, on your mail server with a DKIM record generator. Then, configure your server to sign outgoing emails with the private key and publish the public key as a DNS TXT record for your domain.

To check your DKIM record, you can use our free DKIM checker tool. Simply enter your domain name or the specific DKIM selector you want to check and it will report whether the DKIM record is properly set up or if any issues are detected.

While both are email authentication protocols, SPF focuses on authorizing the domain’s IP address, while DKIM focuses on verifying the email’s integrity and origin.

No, you cannot use the same DKIM key for multiple domains. Each domain requires its own unique DKIM key pair. This ensures that the DKIM signatures are domain-specific and maintains the security and integrity of email authentication for each individual domain. Read more

Yes, Office 365 supports DKIM. You can configure DKIM signing for your Office 365 domain by generating the necessary DKIM keys and publishing the public key as a DNS TXT record for your domain.

While DKIM is not a mandatory requirement for DMARC (Domain-based Message Authentication, Reporting, and Conformance) implementation, it is highly recommended.

While DKIM provides email authentication on its own, a DMARC analyzer adds an additional layer of control and reporting. While DKIM is not a prerequisite for DMARC, combining DKIM with DMARC yields better email security and visibility into email authentication practices.