DomainKeys Identified Mail (DKIM) explained

DomainKeys Identified Mail is an email verification system used by email servers that ensures the receiving server knows the sender and their intended recipient. This allows for greater security between the recipient and the sender: let's find out how it works.

September 02, 2022

What is DomainKeys Identified Mail?

DomainKeys Identified Mail (DKIM) is an email verification system used by email servers that ensures the receiving server knows the sender and their intended recipient. This allows for greater security between the recipient and the sender: to prevent the spread of malicious spam, one can implement the DKIM protocol, which uses public key cryptography to verify the authenticity of email messages. You can achieve better email deliverability and security by using DKIM signatures in message headers, where DKIM signatures distinguish between legitimate and fraudulent emails, protecting businesses and individuals from phishing and other forms of email fraud.

💡 Before continue reading, you may want to review the other methods to authenticate your email domain, which also include SPF, Sender ID, DMARC and Reverse DNS.

DomainKeys Identified Mail has several advantages over other email security methods, including non-repudiation and evidence for successfully delivered email messages. Other features include message integrity and cryptographic signing, validation, and verification. Each outgoing email can be digitally signed using the DKIM authentication standard, allowing recipients to verify the sender's identity: because it performs rigorous cryptographic authentication on each message, DKIM is a reliable approach for authenticating emails.

DKIM Signature

DKIM-signed messages can be recognized by including the DKIM-Signature: header field, as specified in the Internet Message Format standard RFC 5322. According to the information in the DKIM signature header field, any email server supporting DKIM will perform the necessary processing on the DKIM signature. A DKIM signature is not complete without supplementary information about the digital signature.


How does DKIM work?

A digital signature is appended to the email's headers, proving its authenticity. It is possible to check the signature's authenticity by comparing it to the company's public cryptographic key, which is stored in its DNS records.

As a rule of thumb, the procedure goes as follows:

  • Domain owners typically include a cryptographic public key in the DNS records for their domain in the form of a TXT record that has been prepared in a particular way.
  • An outgoing mail server creates a one-of-a-kind DKIM signature header and appends it to each message before sending it. Each of the given headers and the entire message body is cryptographically hashed and included in this header (or part of it). Details regarding the signature's creation process can be found in its header.
  • To verify the authenticity of an email message, receiving mail servers query the Domain Name System (DNS) for the sender's public DKIM key. The receiving server will use this key to decrypt the signature and compare it to a newly calculated one. The message can be verified as genuine and unchanged throughout transmission if the two numbers are identical.

DomainKeys Identified Mail

Why is DKIM so important?

It confirms your legitimacy as a sender: DKIM signatures let the recipient know that you are the domain owner sending out emails and that they came from your email server. They also verify that an email message has not been altered since it was sent and provide a mechanism for you to take ownership of any legitimate email correspondence.

It helps build your long-term reputation: DKIM signatures are an important part of any email campaign for which you want to build a reputation, for example, when involving a newsletter or a marketing campaign. Receiving email messages that contain DKIM signatures is a good way to let the recipient know about a campaign or newsletter: in this case, you can ensure that you control all emails sent out to the receivers, and you will always be able to look into any correspondence sent from your domain.

To build and maintain a high sender reputation, it is also necessary to avoid bounces, spamtraps and blacklists: therefore, always remember to verify your list using our fast and accurate email verification service before sending your newsletter or campaign (if you are already registered just upload your list through our clients area, otherwise register for a free account).

Wrap up

In conclusion, DomainKeys Identified Mail and the DKIM protocol is a definitive method for improving email deliverability. There are many benefits that a company will receive through the implementation of DomainKeys Identified Mail which makes it crucial to add DKIM to your email campaign. With DomainKeys Identified Mail, companies can give customers more confidence in their business and enhance security regarding email campaigns.

Have questions?

We are ready to help you.

Visit our help center
A repository of technical and non-technical articles about Verifalia's services.
Send us a message
Contact us with any questions or comments: support is always free of charge.

Want to chat?
Click the button below to chat live with one of our support team right now.