Title: What is DKIM (DomainKeys Identified Mail)?

URL: https://www.infobip.com/glossary/domainkeys-identified-mail-dkim

DomainKeys Identified Mail (DKIM) is an email security standard that helps detect whether an email was tampered with in transit between sender and receiver.

## How does DKIM work?

DKIM works in three steps:

<tabs>
<tab label="Step 1 ">
When sending an email, the sender chooses which fields to include in the DKIM signature, such as the From address, the subject, the body, and others. These fields must remain unchanged in transit, or DKIM authentication will fail.
</tab>
<tab label="Step 2">
Next, the sender’s email platform creates a hash of the fields included in the DKIM signature. The hash is then encrypted with a private key accessible only to the sender.

Once the email has been sent, the receiving email gateway or consumer mailbox provider validates the DKIM signature. To do so, it must locate the public key that corresponds to the private key. The DKIM signature is then decrypted back to its original hash string.
</tab>
<tab label="Step 3">
The receiver creates its own hash of the fields in the DKIM signature and compares it with the decrypted hash string. If they match, the signed fields were not altered in transit, and the email’s signer owns that email.
</tab>
</tabs>

## What is a DKIM record?

The DKIM record stores the public key that the receiving mail server uses to check and verify a message’s signature. The record consists of a name, version, key type, and the public key itself.

## Can I have multiple DKIM records?

Yes. Each DKIM key has its own DKIM selector, which is added to a message’s DKIM signature and tells the receiving server which DKIM key to use for validation.

Multiple DKIM records are used when an organization sends email on behalf of its domain name from several servers, or when it uses “DKIM key rotation” to reduce the risk posed by compromised DKIM keys.
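The selector lookup and the receiver-side hash comparison from Step 3 can be followed in code. The Python below is an added example, not Infobip's or any mail server's code; it goes beyond the text by using the `bh=` (body hash), `s=` and `d=` tags and the "simple" body canonicalization from RFC 6376, and it leaves out the check of the `b=` signature against the public key. The domain, selectors and key values are constructed placeholders.

```python
import base64
import hashlib

def parse_tags(value: str) -> dict:
    """Parse the 'tag=value; tag=value' syntax shared by the DKIM-Signature
    header and the DKIM DNS record. Whitespace inside values is folding."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def key_query_name(sig: dict) -> str:
    """The selector (s=) and domain (d=) name the TXT record to fetch."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def record_usable(record: dict) -> bool:
    """A record with an empty p= is a revoked key (seen after key rotation)."""
    return record.get("v", "DKIM1") == "DKIM1" and bool(record.get("p"))

def body_hash(body: bytes, algorithm: str = "rsa-sha256") -> str:
    """Hash the body under 'simple' canonicalization: trailing empty lines
    are ignored and the body ends in exactly one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    digest = hashlib.new(algorithm.split("-")[1], body + b"\r\n").digest()
    return base64.b64encode(digest).decode()

def body_intact(sig: dict, body: bytes) -> bool:
    """Receiver side of Step 3 for the body only: recompute and compare bh=."""
    if sig.get("c", "simple/simple").partition("/")[2] not in ("", "simple"):
        raise ValueError("only simple body canonicalization is handled here")
    return body_hash(body, sig["a"]) == sig["bh"]

# Constructed sample data: example.com, both selectors, b= and p= are made up.
BODY = b"Invoice 1042 is attached.\r\n"
HEADER = ("v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=mail2024;\r\n"
          "\th=from:subject:date; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")
RECORDS = {"mail2024._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER",
           "mail2023._domainkey.example.com": "v=DKIM1; k=rsa; p="}

if __name__ == "__main__":
    sig = parse_tags(HEADER)
    name = key_query_name(sig)
    print(name, record_usable(parse_tags(RECORDS[name])))
    print(body_intact(sig, BODY + b"\r\n\r\n"))              # blank lines appended
    print(body_intact(sig, BODY.replace(b"1042", b"2042")))  # content changed
```

A full verifier would also canonicalize the header fields listed in `h=` and check `b=` with the key from `p=`, which needs a cryptography library.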

## Why is DKIM important?

DKIM confirms your legitimacy as a sender. It helps you build a long-term reputation. In combination, DKIM, SPF, and DMARC help you prevent email spoofing.

## What is the difference between DKIM, SPF, and DMARC?

DKIM, SPF, and DMARC combined prevent email spoofing and data tampering.

DKIM is used to verify that no one has interfered with the data within the email.

SPF, on the other hand, stops spoofed messages that use the sender’s domain.

When DKIM and SPF do not authenticate the message, DMARC determines what to do with it: accept, reject, or mark it as spam.
