In this article, you will find out what DKIM is, how it works, and how to set it up for your domain.
What is DKIM?
DKIM stands for DomainKeys Identified Mail. It is an email authentication method designed to verify the authenticity of email messages and detect email spoofing and tampering. DKIM helps ensure that the sender of an email is who they claim to be and that the email content has not been altered during transit.
How do DKIM records work?
- Signing the Email: When an outgoing email is sent from a domain that has DKIM enabled, the sending mail server digitally signs the email using a private key. This private key is specific to the sending domain and is kept securely by the domain owner or mail service provider.
- Adding a Signature Header: The digital signature is added to the email as a DKIM-Signature header. This header includes information about the domain, the algorithm used for signing, and the signature itself.
- DNS Record: The domain owner publishes a public DKIM key in their domain's DNS records. This public key is used by receiving mail servers to verify the email's signature.
A DKIM record looks like the following:
selector1._domainkey.example.com TXT k=rsa;p=J8eTBu224i086iK
- Receiving Mail Server Verification: When the email reaches the recipient's mail server, the server retrieves the public DKIM key from the DNS records of the sending domain. It then uses this key to verify the signature in the DKIM-Signature header.
- Authentication: If the verification succeeds, the receiving mail server knows that the email was indeed sent by the claimed domain and that the content has not been altered since it was signed. This process authenticates the email's origin and integrity.
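The lookup and integrity steps above, as an added example (not code from the original article): it parses a DKIM-Signature header, derives the DNS name where the public key is published, and recomputes the body hash carried in the bh= tag to detect a modified body. The sample message and header are constructed, and the public-key check of the b= signature itself is not performed here.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (DKIM-Signature header or DNS TXT record)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def key_query_name(sig):
    """DNS name the receiver queries for the public key: <s>._domainkey.<d>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def canonicalize_body(body, mode):
    """RFC 6376 body canonicalization: 'simple' or 'relaxed'."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of spaces/tabs, strip line-end whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at the end of the body
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash_matches(sig_header, body):
    """Recompute the body hash and compare it with bh= (the l= tag is not handled)."""
    sig = parse_tags(sig_header)
    if sig.get("a") not in ("rsa-sha256", "ed25519-sha256"):
        return False  # rsa-sha1 is deprecated by RFC 8301; accept SHA-256 only
    mode = sig.get("c", "simple/simple").partition("/")[2] or "simple"
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode() == sig.get("bh")

# Constructed sample (not from the article): a body and a matching header.
BODY = b"Hi Bob,\r\n\r\nInvoice attached.  \r\n\r\n"
BH = base64.b64encode(hashlib.sha256(canonicalize_body(BODY, "relaxed")).digest()).decode()
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1;\r\n"
       f" h=from:to:subject; bh={BH};\r\n b=<signature omitted>")

if __name__ == "__main__":
    print("query:", key_query_name(parse_tags(SIG)), "TXT")
    print("intact body:  ", body_hash_matches(SIG, BODY))
    print("modified body:", body_hash_matches(SIG, BODY.replace(b"Invoice", b"Receipt")))
```

A matching body hash only shows the body is unchanged relative to bh=; a receiver still has to verify the b= signature over the signed headers with the key from the DNS record before treating the message as authenticated.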
Implementing DKIM for your domain name helps to improve email deliverability, as reputable mail services are more likely to accept and deliver emails that are authenticated through DKIM.