What is DKIM (DomainKeys Identified Mail)?

Updated at: Oct 01, 2019
By Gatefy

DKIM for email protection

Email security should be a top priority within companies because of the risk of threats and attacks. So, it’s time to introduce you to DKIM (DomainKeys Identified Mail), a new layer of defense that further enhances your email protection.

To keep it simple, DKIM is an authentication protocol that has the goal of avoiding spoofing, phishing and spam. It prevents criminals from impersonating your domain to send fake emails.

DKIM is a solution to block spoofing

The DKIM mechanism is based on encryption that validates the email so that the receiving mail server identifies the sender. It makes sure that messages weren’t modified while they were traveling between the sender and the recipient. It offers more security for the sender and for those who receive an email.

How DKIM works

In practice, DKIM works using a private key and a public key. The private key is for encrypting a signature in the headers of emails that are being sent. The public key published to a domain’s DNS is used to decrypt the signature and verify the authenticity of the message.

As dkim.org clarifies: “DKIM attaches a new domain name identifier to a message and uses cryptographic techniques to validate authorization for its presence. The identifier is independent of any other identifier in the message, such in the author's From: field”.

It means that DKIM is a unique header placed into each email and operates comparing a key stored in the DNS to a hash of the message headers and body. On other words, DKIM contains information about the sender, the message, and the public key.

Why you should use DKIM

That’s easy to answer now, right? As we said, DKIM is a very good mechanism to preventing spoofing, phishing and spam. Not having to worry about a criminal using your domain improperly to apply scams is a very good and decisive reason.

But the benefit isn’t only that. By preventing misuse of your business name, DKIM helps your domain to have a better reputation, improving your delivery rate.

DKIM Challenges

It’s important to know that...

• DKIM doesn’t guarantee protection against spoofing of the “header from” domain.
• It also doesn’t protect against forwarded messages that have a valid signature.
• Because of its complexity, in general, many organizations don’t adopt DKIM.


DKIM can and should be combined with other protection mechanisms to increase your email protection, such as Sender Policy Framework (SPF) and Domain-based Message Authentication Reporting & Conformance (DMARC).

More information about DKIM

Please, visit www.dkim.org