What is DKIM (DomainKeys Identified Mail)?

DomainKeys Identified Mail or DKIM is an email security standard that helps detect if the emails were tampered with in transit between sender and receiver.

DKIM works in three steps:

The DKIM record saves the public key the receiving mail server will use to check and verify a message’s signature — a name, version, key type, and the public key from the DKIM record.

Yes, each DKIM key has a different DKIM selector added to a message’s DKIM signature that tells the receiving server which DKIM key to validate.

Multiple DKIM records are employed if your organization uses several servers to send emails on behalf of their domain name or uses “DKIM key rotation” to remove the risk of compromised DKIM keys.

DKIM confirms your legitimacy as a sender. It helps you build a long-term reputation. In combination, DKIM, SPF, and DMARC help you prevent email spoofing.

DKIM, SPF, and DMARC combined prevent email spoofing and data tampering.

DKIM is used to verify that no one has interfered with the data within the email.

SPF, on the other hand, stops spoofed messages using the sender’s domain.

When DKIM and SPF don’t warrant the message, DMARC determines what to do with the message – accept, reject, or mark it as spam.