What is DKIM?

Make Your Email Airtight With DKIM. A beginner’s guide to what is DKIM and how it helps secure your emails. 

What is DKIM? DKIM, or DomainKeys Identified Mail, is a method of email authentication that allows senders to claim responsibility for their messages. It’s based on public key cryptography, and it works by adding a digital signature to the message header. When the receiver gets an email with DKIM, they check the digital signature to make sure it is valid. If it is, then they know the message has remained unaltered during transfer.

What is DKIM’s History?

DKIM history
What is DKIM

A Brief History of DomainKeys Identified Mail

Created in the year 2004, DKIM is a culmination of 2 previously existing standards: 

  • Enhanced DomainKey (created by Yahoo!)

    This email verification system created by Yahoo! attested to the integrity of an email message by verifying the DNS domain from which the message originated.

  • Identified Internet Mail (created by Cisco)

    This email authentication standard introduced by Cisco used digitally affixed signatures in the message body to verify the legitimacy of outgoing messages. 

    Yahoo, Gmail, AOL, and FastMail were the first in line to implement the protocol, however, in recent times it is a widely adopted and strongly recommended standard for all email providers and users.

What is DKIM and Why Do You Need it?

  • Prevent Message Alteration

    When you ask yourself, what is DKIM doing to prevent email fraud, get this: the digital signature is a failsafe that cannot be decrypted if the email has been intercepted and altered, so the email gets rejected.

  • Stop Domain Spoofing

    An email sent by an attacker through your domain won’t have your private signature on it, and it will fail to authenticate, which is yet another insight into what is DKIM protecting your organization against.

    View the latest email fraud statistics here.

  • Avoid Spam Filters

    What is DKIM popularly known for is a reduction in spam emails. Configuring DKIM will greatly reduce the chances of your email ending up in the spam folder, especially with an email marketing campaign.

  • Boost Email Deliverability

    Moreover, when you set up DKIM, it improves your reputation as a verified source in the eyes of customers, partners and other services.

How Does DKIM Work?

What is a DKIM record?

A DKIM record is a set of machine-level instructions that are added to your DNS settings, and it tells the internet that the messages are coming from an authenticated source, allowing mail servers to verify that a message has not been altered en route to its destination.

The DKIM process works like this:

  • The sender computes a hash value of their message and appends it to their outgoing email.

  • When the email is received by the recipient’s mail server, they use their private key to decrypt the hash value and compare it to a public key stored in their DNS records (your DKIM record). If they match, then this verifies that the user received the original message and hasn’t altered it in any way since sending it out.

What is DKIM Selector?

DKIM selector is a unique identifier for a DKIM signing domain. An alphanumeric string value that is defined in the s= tag in your DKIM email header, the selector should be distinguishable and different for every email vendor you use. 

For example, in the DKIM record s1._domainkey.domain.com, s1 is your selector.

How Does DKIM Work?
How Does DKIM Work?

How Does DKIM Work?

DomainKeys Identified Mail (DKIM) is an email authentication protocol that has two main components

  • Digital Signature

    What is DKIM signature?

    DKIM gives every email from your domain a digital signature that’s encrypted and private.

  • Public Encryption Key

    What is DKIM public key?

    Receiving email servers can decrypt the private signature using a public key published in your DNS.

When exploring what is DKIM, we need to know how it operates to protect our emails. The signature tells the receiving server that your email is legitimate and hasn’t been altered while in transit. If an attacker either intercepts and alters the email, or sends a fake email from your domain, the digital signature will fail to decrypt. The email doesn’t get authenticated and won’t make it to your customers’ inboxes.

DKIM also plays a key role in email forwarding.

What is DKIM’s Current State

Currently, DKIM is published under RFC 6376. DKIM has gone through various updates and modifications through the years. The most recent versions include RFC 8301 (issued in January 2018) and RFC 8463 (issued in September 2018) both assembling some key protocol improvements. Modifications include a larger key size for enhanced security (1024-4096) and shorter public keys that can be easily published on your DNS.

What is DKIM affected by: Errors and Limitations

DKIM is extremely important for message authentication, however, it is not perfect. Here are some of its limitations:

  • DKIM doesn’t authenticate the sender of an email. It only authenticates the sender’s domain name. So if someone has access to your email account, they can send emails in your name even if you have DKIM enabled!

  • DKIM requires public DNS records for verification. If your public DNS records aren’t set up correctly or if they don’t match what’s in your private DNS records (which is often the case for small businesses), this can lead to DKIM fail!

  • DKIM doesn’t prevent SPAM or phishing attempts on its own—it just makes them harder for bots to do successfully because they’ll need access to your private keys first before they can forge them correctly. Therefore pairing it up with DMARC is extremely essential.

Errors and Limitations
Pairing up DKIM with DMARC

Pairing up DKIM with DMARC

But why should you always pair up DKIM with DMARC? What is DKIM and DMARC doing for your business? It’s ideal for well-rounded protection while ensuring smooth email deliverability! If you use both of them, you’re more likely to avoid getting blacklisted by spam filters, which means your emails will get delivered to your recipients. 

In addition, using both protocols helps protect your brand—spammers often try to spoof domains they think will be less likely to report them as spam. But if the domains they’re spoofing actually have DKIM set up, it’ll make it harder for them to get away with their trickery.

The beauty of pairing them up is that they work together seamlessly to provide multiple layers of protection against spoofing attempts while giving senders options on how they want their mail handled in case something goes wrong during the delivery process.

DKIM with PowerDMARC

Hope this cleared your concept of what is DKIM. DMARC uses DKIM technology to authenticate emails, and it’s an integral part of what makes DMARC so secure. PowerDMARC gives you the absolute best-in-class DKIM configuration and hands-on monitoring. Our platform is easy to use for small businesses and corporations alike, and can be tailored to your needs. You can even check and generate your own DKIM records using our free suite of apps, Power Toolbox, right now on our website.

Get your DKIM and DMARC setup in just minutes with PowerDMARC. Secure your email now! 

Download PDF

Schedule a demo today

Start 15-day trial Book a demo