What is DomainKeys Identified Mail (DKIM)?
DomainKeys Identified Mail (DKIM) is an email authentication protocol that allows the recipient to verify that an email from a specific domain has been authorized by the domain owner.
When you send an email, your email server attaches a DKIM signature so the receiving server can authenticate you.
This is achieved with public-key cryptography: a pair of keys, one public and one private, is created for your domain.
You own the private key, and it’s specific to your domain. That private key corresponds to a public key registered in your DNS. Here is how the keys work and why DKIM is important for email deliverability.
Why do you need DKIM?
DKIM helps compensate for SPF limitations that concern the authentication of the message source. For instance, SPF validation breaks when the email is forwarded.
This leaves room for malicious actors to spoof the display name or the sender’s address.
A DKIM signature fixes this. When you send a message, the receiving server retrieves your public key from DNS. Next, it uses that key to check whether the matching private key was used to create the cryptographic signature when the message was sent.
If the private key was used, the message is considered legitimate, and the receiving server gives it a PASS and lets it into the inbox.
On the other hand, if it wasn’t used, the message is considered not legitimate, in which case the receiving server gives it a FAIL and rejects it or sends it to the spam folder.
With that in mind, a DKIM signature helps you prove three things:
The email content is original and unaltered.
The headers have not changed since the original sender sent the email.
The email sender owns the DKIM domain, or is authorized by the domain owner to send for it.
As a result, you can ensure that your emails are not tampered with by anyone in the middle while in transit from server to server. This helps protect you from spoofers and keeps you away from spam folders and bounces.
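The first of the three checks listed above, that the content is unaltered, is the body-hash comparison a verifier performs on the bh= tag of the DKIM-Signature header. The Python code below is an added example, not part of the original article: it parses the header's tag list, canonicalizes the body as RFC 6376 describes, and compares the hash with bh=. The sample message, example.com, the selector sel1 and the function names are constructed for illustration; verifying the b= signature with the DNS public key and handling the l= tag are outside its scope.

```python
import base64
import hashlib
import re

def parse_tags(value: str) -> dict:
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def canon_body(body: bytes, mode: str) -> bytes:
    """Canonicalize a CRLF-delimited body ("simple" or "relaxed", RFC 6376 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of spaces/tabs to one space and drop trailing whitespace.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash_ok(dkim_header: str, body: bytes) -> bool:
    """Recompute the body hash and compare it with the signed bh= value."""
    tags = parse_tags(dkim_header)
    algo = tags["a"].split("-")[1]  # "rsa-sha256" -> "sha256"
    _, _, body_mode = tags.get("c", "simple/simple").partition("/")
    digest = hashlib.new(algo, canon_body(body, body_mode or "simple")).digest()
    signed = base64.b64decode("".join(tags["bh"].split()))
    return digest == signed

def demo() -> dict:
    # Constructed sample: the sending side hashes the body and places it in bh=.
    sent = b"Invoice 42 is due  Friday. \r\n\r\n"
    bh = base64.b64encode(hashlib.sha256(canon_body(sent, "relaxed")).digest()).decode()
    header = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1; "
              f"h=from:subject; bh={bh}; b=PLACEHOLDER")  # b= is not checked here
    return {
        "unchanged": body_hash_ok(header, sent),
        "whitespace_reflowed": body_hash_ok(header, b"Invoice 42 is due Friday.\r\n"),
        "content_altered": body_hash_ok(header, b"Invoice 42 is due  Monday. \r\n\r\n"),
    }

if __name__ == "__main__":
    print(demo())
```

Relaxed canonicalization tolerates the whitespace changes a relay may introduce, while any change to the wording produces a different hash and the check fails.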