You are probably reading this article because you want to know more about DKIM (DomainKeys Identified Mail), possibly after receiving a bounceback from Google, Yahoo or another mainstream provider saying your domain is "not fully authenticated".
DKIM adds a cryptographic signature to email sent from your domain, so that receivers can authenticate messages sent by users in your company.
DKIM is an industry best practice that increases the security of your email domains:
- Spend less time removing your domains from blacklists
- Spend less time working with users after they have fallen for phishing attempts
- Increase confidence that emails sent from your users are not fraudulent
What is DKIM?
DKIM (DomainKeys Identified Mail) enables email providers that receive mail from your domain to verify whether messages claiming to come from your domain are authentic rather than fraudulent. This level of email authentication is made possible by public/private key cryptography and a public key stored in your domain's DNS.
How does it work?
When a message is sent from your domain, it is ‘signed’ using your private key over selected parts of the message headers and/or content. The signature itself specifies which parts were signed.
Recipients of the message can use the public key specified in your domain’s DKIM TXT record to validate the signature. If the validation is successful, then the receiver can assume the message came from a legitimate source. If the signature fails, then the receiver can choose whether or not to trust the message.
Each domain will have its own unique DKIM key and signature.
DKIM Record Host: <selector>._domainkey
DKIM Record Value: v=DKIM1; k=rsa; p=<public key>
In addition to validating the original source of the message, these signatures ensure that the signed parts of the message have not been altered in transit by any third parties.
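The following is an added example, not part of the original article or any provider's tooling: a Python check for a published DKIM TXT value that builds the record host name, parses the tags, and flags a missing or revoked key or a short RSA key. The function names, the 2048-bit threshold and the sample key bytes are assumptions constructed for illustration.

```python
import base64

def dkim_record_name(selector, domain):
    """DNS name receivers query: <selector>._domainkey.<domain>."""
    return f"{selector}._domainkey.{domain}".rstrip(".").lower()

def parse_tags(txt):
    """Split 'tag=value; tag=value' into a dict, dropping all whitespace in values."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size of an RSA key in SubjectPublicKeyInfo or bare RSAPublicKey form."""
    pos, _ = _tlv(der, 0)              # outer SEQUENCE
    if der[pos] == 0x30:               # SubjectPublicKeyInfo wrapper present
        _, pos = _tlv(der, pos)        # skip AlgorithmIdentifier
        pos, _ = _tlv(der, pos)        # enter BIT STRING
        pos, _ = _tlv(der, pos + 1)    # skip unused-bits byte, enter RSAPublicKey
    start, end = _tlv(der, pos)        # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def check_dkim_record(txt, min_bits=2048):  # min_bits is an assumed policy threshold
    """Return findings for one DKIM TXT value; an empty list means no issue found."""
    tags, findings = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= is not DKIM1")
    if not tags.get("p"):
        return findings + ["p= missing or empty: no usable key (empty means revoked)"]
    try:
        der = base64.b64decode(tags["p"], validate=True)
        bits = rsa_modulus_bits(der) if tags.get("k", "rsa") == "rsa" else None
    except (ValueError, IndexError):
        return findings + ["p= is not a parseable base64 public key"]
    if bits is not None and bits < min_bits:
        findings.append(f"RSA key is {bits} bits, below {min_bits}")
    return findings

# Constructed sample: RSAPublicKey-shaped bytes around a fake 512-bit modulus, not a real key.
SAMPLE_KEY = bytes([0x30, 72, 0x02, 65, 0]) + ((1 << 511) | 1).to_bytes(64, "big") + b"\x02\x03\x01\x00\x01"
SAMPLE_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(SAMPLE_KEY).decode()
```

Running check_dkim_record(SAMPLE_RECORD) reports the short key; feed it the TXT value your DNS actually returns for the name produced by dkim_record_name.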