DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail (DKIM) is an email authentication mechanism that is deployed to prevent emails from being tampered with in transit. DKIM is widely adopted by businesses to protect their emails from spoofing and phishing attacks.
How DKIM works
DKIM uses the "Public key cryptography" technique to ensure that the email message was not modified during transit. When an email is to be sent by an outbound server, it will add a DKIM signature to the email. The DKIM signature contains a hash value that is generated by encrypting the the email message and headers using a private key. The DKIM signature also contains the names of the headers that were used to create the hash value. The email is sent after adding the DKIM signature to the email.
The recipient server will extract the DKIM signature and perform a DKIM lookup for the domain present in it. As a result, the DKIM public key will be fetched. The receiving server will decrypt the hash value using the public key and compare the email message and headers present in the decrypted hash value with the email message and headers present in the email that was received. The email will pass DKIM if both values match.
More about a DKIM record
Sample DKIM record:
k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBMuSsLsy
k - Indicates the algorithm that is used
p - Public key
Sample DKIM signature:
DKIM-Signature:
v=1; a=rsa-sha256; d=example.com;s=selec1; c=relaxed/relaxed; h=from:to:subject:date;
bh=MHIzKDU2Nzf3MDEyNzR1Njc5OTAyMjM0MUY3ODlqBLP=;
b=hyjCnOfAKDdLZdKIc9G1q7LoDWlEniSbzc+yuU2zGrtruF00ldcFVoG4WTHNiYwG
v - The version of the DKIM signature
a - Algorithm used to create the hash value
c - The type of canonicalization used for header and body
s - Selector
d - Domain used for signing
h - Headers that are signed
bh - Hash value of the email body
b - Hash value of signed headers
Benefits of implementing DKIM
A sender domain will start earning reputation from mailbox providers and anti-spam services only when DKIM is implemented
- DKIM earns the trust of mailbox providers and antispam services
- Improves email deliverability
- Protects your emails from phishing and spoofing attacks
You can click here to learn more about setting up the DKIM record for your sender domain.
Related Articles
What is Domain Keys Identified Mail (DKIM)?
DomainKeys Identified Mail (DKIM) is a security mechanism adopted by email marketing services to validate an email message. It checks if the emails are sent from a valid source and if the email message was tampered with in transit. Click here ...How to setup SPF and DKIM TXT records for your domain
At Zoho Campaigns, we strongly urge you to authenticate your domain by implementing SPF and DKIM. To successfully authenticate your sender domain, you need to set up your SPF and DKIM TXT records. Authenticating your sender domain is a simple process ...Why am I not able to add a DKIM record in GoDaddy?
When you're adding a DKIM record in GoDaddy, you must not include the domain name in the DKIM key. For example, if your DKIM key is 72247._domainkey.zylker.com, while adding it in GoDaddy, you must only add 72247._domainkey.How to authenticate my domain
Domain Authentication is a mechanism that verifies the email from the point of its origin by validating the email sender. It checks emails to rule out any possibility of spamming or spoofing thereby protecting the sender's good reputation. ...When SPF or DKIM alignment fails
A DMARC check includes SPF and DKIM alignment. If your DMARC report says that SPF or DKIM alignment has failed for your emails even though you've properly authenticated your domain with Zoho Campaigns, read the information below to learn why this may ...