Email SecurityAlso called: "DomainKeys", "email signature"
DKIM allows receiving mail servers to verify that an email claiming to be from a specific domain was actually authorized by that domain's owner and has not been modified during transmission.
Why it matters
- Prevents email tampering and content modification during transit.
- Works alongside SPF and DMARC to provide comprehensive email authentication.
- Helps protect your domain reputation and prevents email spoofing.
- Critical for email deliverability to major providers like Gmail and Microsoft 365.
How it works
- Your email server adds a digital signature to outgoing messages using a private key.
- The public key is published in your DNS records as a TXT record.
- Receiving servers verify the signature using your published public key.
- Failed signatures indicate the message was altered or is fraudulent.
How to implement
- Generate a public/private key pair (typically 2048-bit RSA or ED25519).
- Publish the public key in DNS: selector._domainkey.yourdomain.com
- Configure your email server to sign outgoing messages with the private key.
- Test with email authentication tools to verify proper signing.
- Rotate keys periodically for security best practices.
Explore More Email Security
View all termsDMARC (Domain-based Message Authentication, Reporting, and Conformance)
Email validation system that builds on SPF and DKIM to prevent email spoofing and provide reporting on email authentication failures.
Read more →Email Headers
Metadata attached to emails that shows routing information, authentication results, and delivery path.
Read more →SPF (Sender Policy Framework)
Email authentication method that specifies which mail servers are authorized to send email on behalf of your domain.
Read more →