DKIM (DomainKeys Identified Mail) is an email authentication method that helps verify the legitimacy of an email message and protect against email spoofing. Here’s a clear breakdown:
1. Purpose
- Ensures that an email actually comes from the domain it claims to be from.
- Confirms that the email hasn’t been altered in transit.
- Helps improve email deliverability by increasing trust with recipient servers.
2. How DKIM Works
DKIM uses cryptography (public/private key pair):
- Signing the email (sending side):
  - The sending server adds a DKIM-Signature header to the email.
  - This header contains a digital signature generated using the sender's private key.
  - Certain parts of the email (like From, Subject, and body) are included in the signature.
- Verifying the email (receiving side):
  - The receiving server fetches the sender's public key from the domain's DNS records.
  - It uses this key to verify the signature.
  - If the signature is valid, the email is trusted as authentic.
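To make the signing and verifying steps concrete, here is an added Go example; it is not code from the original page or from any real DKIM implementation, and it simplifies the canonicalization rules of the standard. It signs the From and Subject headers and the body with RSA-SHA256, publishes the public key in an in-memory map standing in for the DNS TXT record at selector._domainkey.domain (which is where real DKIM keys live), and then verifies the message the way a receiving server does: look up the key, recompute the body hash (bh=), and check the signature (b=). The domain example.com, the selector s1, the header values and the bodies are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// PublishKey writes the public key into a simulated DNS zone (a map standing in for TXT
// lookups) under "<selector>._domainkey.<domain>", as the domain owner would.
func PublishKey(dns map[string]string, domain, selector string, pub *rsa.PublicKey) {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an *rsa.PublicKey
	dns[selector+"._domainkey."+domain] = "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
}

// bodyHash computes the bh= tag: base64(SHA-256(body)) after a simplified "relaxed"
// canonicalization (whitespace runs collapsed, trailing blank lines dropped, one final CRLF).
func bodyHash(body string) string {
	lines := strings.Split(strings.TrimRight(body, "\r\n"), "\r\n")
	for i, l := range lines {
		lines[i] = strings.Join(strings.Fields(l), " ")
	}
	sum := sha256.Sum256([]byte(strings.Join(lines, "\r\n") + "\r\n"))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// signedData is what both sides hash: each header named in h= (lower-cased name,
// whitespace collapsed), then the DKIM-Signature header itself with an empty b= value.
func signedData(headers map[string]string, order []string, dkimHdr string) []byte {
	var sb strings.Builder
	for _, name := range order {
		sb.WriteString(strings.ToLower(name) + ":" + strings.Join(strings.Fields(headers[name]), " ") + "\r\n")
	}
	// "; b=" first appears at the b= tag (bh= does not match it), so cut there and keep an empty b=.
	unsigned, _, _ := strings.Cut(dkimHdr, "; b=")
	sb.WriteString("dkim-signature:" + strings.Join(strings.Fields(unsigned+"; b="), " "))
	return []byte(sb.String())
}

// parseTags splits "k=v; k=v" into a map, dropping whitespace inside values (folded b=).
func parseTags(s string) map[string]string {
	tags := map[string]string{}
	for _, p := range strings.Split(s, ";") {
		if k, v, ok := strings.Cut(p, "="); ok {
			tags[strings.TrimSpace(k)] = strings.Join(strings.Fields(v), "")
		}
	}
	return tags
}

// Sign is the sending side: hash the body, build the header, sign it with the private key.
func Sign(priv *rsa.PrivateKey, domain, selector string, headers map[string]string, order []string, body string) (string, error) {
	hdr := fmt.Sprintf("v=1; a=rsa-sha256; c=relaxed/relaxed; d=%s; s=%s; h=%s; bh=%s; b=",
		domain, selector, strings.Join(order, ":"), bodyHash(body))
	digest := sha256.Sum256(signedData(headers, order, hdr))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return hdr + base64.StdEncoding.EncodeToString(sig), nil
}

// Verify is the receiving side: fetch the key named by d= and s=, check bh=, then check b=.
func Verify(dns map[string]string, dkimHdr string, headers map[string]string, body string) error {
	tags := parseTags(dkimHdr)
	name := tags["s"] + "._domainkey." + tags["d"]
	der, _ := base64.StdEncoding.DecodeString(parseTags(dns[name])["p"]) // bad base64 fails below
	key, err := x509.ParsePKIXPublicKey(der)
	pub, isRSA := key.(*rsa.PublicKey)
	if err != nil || !isRSA {
		return fmt.Errorf("no usable RSA key in DNS TXT record %s", name)
	}
	if bodyHash(body) != tags["bh"] {
		return fmt.Errorf("body hash mismatch: body altered after signing")
	}
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	digest := sha256.Sum256(signedData(headers, strings.Split(tags["h"], ":"), dkimHdr))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return fmt.Errorf("signature invalid: signed headers altered or key does not match")
	}
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	dns := map[string]string{}
	PublishKey(dns, "example.com", "s1", &priv.PublicKey) // constructed domain and selector
	headers := map[string]string{"From": "alice@example.com", "Subject": "Quarterly report"}
	sig, _ := Sign(priv, "example.com", "s1", headers, []string{"From", "Subject"}, "See attached.\r\n")
	fmt.Println("DKIM-Signature:", sig)
	fmt.Println("original:", Verify(dns, sig, headers, "See attached.\r\n"))
	fmt.Println("tampered body:", Verify(dns, sig, headers, "Wire the funds today.\r\n"))
}
```

Two points the run makes visible: the body hash check fails before any signature math when the body was altered, and a changed From or Subject fails because those headers are part of the signed data, while headers not listed in h= are not protected at all. The private key never leaves the signer; the verifier only ever sees the public half from DNS, which is why protecting the key on the sending server and rotating the selector matter.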
3. Benefits
- Prevents email spoofing and phishing using your domain.
- Improves email deliverability; emails are less likely to go to spam.
- Works with SPF and DMARC for complete email authentication.
4. Components
- Private key: Stored on the sending mail server; used to sign emails.
- Public key: Published in DNS; used by recipients to verify the signature.
- DKIM-Signature header: Added to each email to carry the signature and signing info.
✅ In simple terms: DKIM lets the recipient verify that the email really came from your domain and hasn’t been tampered with.
