DomainKeys Identified Mail (DKIM) is an email authentication method that allows the person receiving the email to check that it was actually sent by the domain it claims to be from and that it hasn’t been modified during transit. DKIM adds a digital signature to the header of an email message.
How DKIM Works
Here’s how DKIM typically works:
| Step | What happens |
| --- | --- |
| Signing the email | The sender’s mail server generates a unique digital signature for each outgoing email using a private key associated with the sending domain. This signature is added to the email header. |
| DNS record | The sender publishes the matching public key in their domain’s DNS records. The recipient’s mail server uses this public key to verify the digital signature. |
| Verification | When the recipient’s mail server receives the email, it retrieves the public key from the sender’s DNS records and uses it to verify the digital signature in the email header. If the signature is valid, the email hasn’t been tampered with during transit, and it is likely from the claimed sender. |
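The three steps above, as an added worked example that is not part of the original page: a minimal DKIM signer and verifier in Python using only the standard library. It assumes rsa-sha256 with relaxed/relaxed canonicalization, uses a constructed demonstration RSA key (built from two known Mersenne primes, so trivially factorable; it exists only so the script runs offline) in place of a real key pair, and a dictionary keyed by `<selector>._domainkey.<domain>` in place of the DNS TXT lookup (a real record carries the public key as `v=DKIM1; k=rsa; p=...`). The verifier reports separately when the body hash (`bh=`) no longer matches and when the header signature (`b=`) fails, which is the tamper detection the text describes, and it shows that relaxed canonicalization tolerates whitespace-only changes a relaying server may introduce. The sample message, domain and selector are constructed.

```python
import base64
import hashlib
import re

# Constructed demonstration RSA key from two known Mersenne primes, so the block runs
# offline on the standard library alone. The modulus is trivially factorable: demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017 9.2

def pkcs1_encode(digest: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo, padded out to the k-byte modulus."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sign(digest: bytes, n: int, d: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(pkcs1_encode(digest, k), "big"), d, n).to_bytes(k, "big")

def rsa_verify(digest: bytes, sig: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == pkcs1_encode(digest, k)

def relaxed_body(body: str) -> bytes:
    """RFC 6376 3.4.4: trim line-end WSP, collapse WSP runs, drop trailing empty lines."""
    lines = [re.sub(r"[ \t]+", " ", ln.rstrip(" \t")) for ln in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode() if lines else b""

def relaxed_header(name: str, value: str) -> bytes:
    """RFC 6376 3.4.2: lowercase name, unfold, collapse WSP, trim around the colon."""
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip(" \t")
    return f"{name.lower()}:{value}\r\n".encode()

def parse_message(raw: str):
    # Split a CRLF message into [(name, value), ...] and body; folded lines stay joined.
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1] = (headers[-1][0], headers[-1][1] + "\r\n" + line)
        else:
            name, _, value = line.partition(":")
            headers.append((name, value))
    return headers, body

def body_hash(body: str) -> str:
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def header_hash(headers, names, dkim_value: str) -> bytes:
    """Hash the h= fields (each picked bottom-up, once), then DKIM-Signature with b= emptied."""
    h, used = hashlib.sha256(), set()
    for name in names:
        for i in range(len(headers) - 1, -1, -1):
            if i not in used and headers[i][0].lower() == name.lower():
                used.add(i)
                h.update(relaxed_header(*headers[i]))
                break
    stripped = re.sub(r"\bb=[^;]*", "b=", dkim_value)
    h.update(relaxed_header("DKIM-Signature", stripped).rstrip(b"\r\n"))
    return h.digest()

def dkim_sign(raw: str, domain: str, selector: str, names) -> str:
    headers, body = parse_message(raw)
    value = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
             f"h={':'.join(names)}; bh={body_hash(body)}; b=")
    sig = rsa_sign(header_hash(headers, names, value), N, D)
    return f"DKIM-Signature: {value}{base64.b64encode(sig).decode()}\r\n{raw}"

def parse_tags(value: str) -> dict:
    pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
    return {k.strip(): re.sub(r"\s", "", v) for k, v in pairs}

def dkim_verify(raw: str, dns: dict) -> str:
    """dns stands in for the TXT lookup of <selector>._domainkey.<domain> -> (n, e)."""
    headers, body = parse_message(raw)
    dkim = next((v for n, v in headers if n.lower() == "dkim-signature"), None)
    if dkim is None:
        return "none"
    tags = parse_tags(dkim)
    key = dns.get(f"{tags['s']}._domainkey.{tags['d']}")
    if key is None:
        return "permerror"          # nothing published under that selector
    if tags["bh"] != body_hash(body):
        return "fail (body hash)"   # body changed in transit
    digest = header_hash(headers, tags["h"].split(":"), dkim)
    return "pass" if rsa_verify(digest, base64.b64decode(tags["b"]), *key) else "fail (signature)"

# Constructed sample message, CRLF line endings as on the wire
MESSAGE = ("From: alice@example.com\r\nTo: bob@example.net\r\nSubject: Quarterly report\r\n"
           "\r\nHello Bob,  the figures are attached.\r\n")
DNS = {"s2024._domainkey.example.com": (N, E)}  # stand-in for the published TXT record
SIGNED = dkim_sign(MESSAGE, "example.com", "s2024", ["from", "to", "subject"])

if __name__ == "__main__":
    print(dkim_verify(SIGNED, DNS), "/", dkim_verify(SIGNED.replace("attached", "altered"), DNS))
```

Only the fields listed in `h=` are covered by the signature, so a verifier should treat a `pass` as "the domain in `d=` vouched for these headers and this body", not as proof that unsigned headers are genuine; what to do on a `fail` is left to policy, which is the gap DMARC fills.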
DKIM provides a way to verify the authenticity of an email and detect potential tampering. It is particularly useful in preventing email spoofing and phishing attacks.
Like SPF (Sender Policy Framework), DKIM is part of the broader set of email authentication mechanisms. Combining DKIM with SPF and DMARC (Domain-based Message Authentication, Reporting, and Conformance) provides a more comprehensive approach to email authentication, helping to enhance the security of email communications.