What Is DKIM?
Definition
DomainKeys Identified Mail (DKIM) is an email authentication technique. It adds a cryptographic signature to all outgoing emails. Email providers verify this signature to determine whether the email is authentic or not. It also serves as proof that the contents were not altered in any way during the transmission process. If all checks pass, the email reaches the recipient’s inbox. If not, it goes straight to the spam folder.
DKIM is sometimes combined with other email security policies, including DMARC (Domain-based Message Authentication) and SPF (Sender Policy Framework). All three protocols help make sure that your email domain stays reliable and safe from hostile entities.
How Does DKIM Work?
DKIM relies on two important elements: a private key and a public key. These two work together to verify if your email is authentic.
- Private Key: This is the key that is kept on your email server. It is used every time you send an email. Your server takes parts of the message—like the body and headers—which are then hashed and encrypted. The result is a “signature” that is completely specific to that email. This makes the email unique. If the email is altered, the signature will not match.
- Public Key: Like its name implies, this is the key that anyone can use. It is available through your DNS. When the email arrives in the recipient's inbox, their email provider looks for this key in the DNS. Using the public key, the provider then compares the signature with the hash value in the sender’s message and checks if everything matches. If it does, the email is considered to be authentic and unaltered.
DKIM signatures can be set to expire within a specific period (e.g., 24 hours), sometimes referred to as time-to-live (TTL). This adds extra security. With TTL, the signature attached to your email only works for a limited time. Once that time is up, the signature becomes invalid. This prevents anyone from taking an old email and using it for harmful purposes, like altering its content or pretending to be you.
Why Is DKIM Important?
Many email providers, such as Gmail, Yahoo, and Outlook, prioritize DKIM-verified emails because DKIM reduces instances of spoofing and phishing. Emails without DKIM are harder to verify. They tend to get sent straight to spam. Enabling DKIM helps your emails reach inboxes. Aside from protecting your domain’s reputation, it also improves deliverability.
Related terms
Related articles
Verify 500 emails for free. For lists over one-million emails, we will beat the price of any competitor, guaranteed.