What is DKIM?

DKIM, or DomainKeys Identified Mail, is an email authentication technique that allows receivers to verify that an email message has not been tampered with during transit. It adds a digital signature to outgoing messages that the receiving server can verify.

Email fraud is a severe problem, and DKIM can help to combat it by making it more difficult for attackers to spoof sender addresses or tamper with the message content. By verifying DKIM signatures, recipients can be confident that the email they received is the same as the one that was sent.

Domain owners create a public/private key pair and publish the public key in their DNS records. Outgoing mail from the domain is then signed with the private key, and the signature is added as a header to the message. When the message arrives at its destination, the receiving server can use the published public key to verify that the signature is valid and that the message has not been tampered with.

There are a few different ways to implement DKIM, but all of them involve adding a digital signature to outgoing email messages. Recipients can then verify this signature using the sender's public key, which is published in DNS. By verifying DKIM signatures, recipients can be confident that they are receiving the same message that was originally sent.

Does DKIM replace SPF?

Some mail servers alter a message in transit for legitimate reasons. This often happens in enterprise organizations, where a warning may be added to external mail, for example. Such a change can invalidate the DKIM signature even though the message is genuine. It is therefore recommended to combine DKIM with SPF. The combination gives the receiver a reliable way to determine whether the mail is genuine, and because SPF is simple to set up and maintain, there is no reason to ignore it.
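The tamper check described above, and the reason a gateway-added warning breaks it, shown as an added example that is not part of the original page. It implements only the body-hash (`bh=`) step of DKIM verification as defined in RFC 6376, not the public-key check of the `b=` signature; the message, the domain `example.com`, the selector `sel1` and the `b=` placeholder are constructed.

```python
import base64
import hashlib
import re

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace inside a value (bh=, b=) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization: RFC 6376 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Drop trailing whitespace, collapse inner whitespace runs to one space.
        lines = [re.sub(rb"[ \t]+", b" ", ln.rstrip(b" \t")) for ln in lines]
    while lines and lines[-1] == b"":      # empty lines at the end are ignored
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str) -> str:
    """Value a signer places in bh= (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def body_hash_ok(dkim_value: str, body: bytes) -> bool:
    """Receiver side: recompute the body hash and compare it with bh=."""
    tags = parse_tags(dkim_value)
    c = tags.get("c", "simple/simple").split("/")   # c= is header/body
    mode = c[1] if len(c) > 1 else "simple"         # body defaults to simple
    return body_hash(body, mode) == tags.get("bh")

# Constructed sample: the body as sent, and a banner a gateway might prepend.
SENT = b"Hi Bob,\r\n\r\nInvoice attached.  \r\n\r\n"
BANNER = b"[EXTERNAL] This message came from outside the organization.\r\n"
# Constructed header; b= is a placeholder because no key is used in this example.
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
          " h=from:to:subject; bh=" + body_hash(SENT, "relaxed") + "; b=PLACEHOLDER")

if __name__ == "__main__":
    print("as sent:      ", body_hash_ok(HEADER, SENT))
    print("banner added: ", body_hash_ok(HEADER, BANNER + SENT))
```

A receiver that finds a `bh=` mismatch treats the DKIM check as failed without evaluating the signature, which is why a message modified in transit still needs SPF to vouch for it.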


