
DKIM

DKIM stands for DomainKeys Identified Mail. It is a method of authenticating the sender of an email to help prevent spam. When SPF, DKIM, and DMARC are combined, fake emails will usually not be delivered or will be marked as spam.

How does it work?

There are 2 components of DKIM:

  • the DKIM DNS record, which is stored in the DNS records for the domain.
  • the DKIM Email header, which is attached to all emails from the domain.

DKIM uses public and private key cryptography to authenticate emails. The combination of the DKIM record and the DKIM header provides the values that the receiving email server needs to validate a message.

Cloudflare has a great in-depth article on this.

DKIM DNS Record

At its core, this is just a TXT record with a name and textual content. The name follows a specific format:

[selector]._domainkey.[domain]

The selector is a value issued by the email provider and is included in the DKIM email header. The domain is your parent domain name.

The content of the TXT record lists the public key that is provided by the email provider.

DKIM Email Header

The sending email server uses the private part of the email key, the body of the email, and other fields to create a signature, which it places in the header. The receiving email server then uses the DNS record in combination with the header to verify the authenticity of the email.
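
The link between the header and the DNS record, as an added example that is not part of the original page: it derives the [selector]._domainkey.[domain] lookup name from a DKIM-Signature header and sanity-checks the TXT record content, without performing the cryptographic verification itself. The tag names (s=, d=, v=, k=, p=) come from RFC 6376 rather than from this page, and the header, selector, domain, and key bytes are constructed sample values.

```python
import base64
import re

# Constructed sample data: not a real key, selector, or signature.
SAMPLE_P = base64.b64encode(b"constructed-not-a-real-key").decode()
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2024;\r\n"
    "\th=from:to:subject:date; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ="
)
SAMPLE_TXT = "v=DKIM1; k=rsa; p=" + SAMPLE_P

def parse_tags(value):
    """Split a DKIM tag=value list (same syntax in the header and the TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, _, val = part.partition("=")
        # Folding whitespace may appear inside long values; remove it.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def dkim_query_name(header_value):
    """Build [selector]._domainkey.[domain] from the s= and d= header tags."""
    tags = parse_tags(header_value)
    missing = [t for t in ("s", "d") if not tags.get(t)]
    if missing:
        raise ValueError("DKIM-Signature is missing tag(s): " + ", ".join(missing))
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def check_key_record(txt_value):
    """Return (usable, reason) for the content of a DKIM TXT record."""
    tags = parse_tags(txt_value)
    if tags.get("v", "DKIM1") != "DKIM1":
        return False, "unsupported version"
    if "p" not in tags:
        return False, "no public key (p=) tag"
    if tags["p"] == "":
        # An empty p= means the domain has revoked this selector's key.
        return False, "key revoked (empty p=)"
    try:
        base64.b64decode(tags["p"], validate=True)
    except ValueError:
        return False, "p= is not valid base64"
    return True, "key type " + tags.get("k", "rsa")

if __name__ == "__main__":
    print(dkim_query_name(SAMPLE_HEADER))
    print(check_key_record(SAMPLE_TXT))
```

A record that fails these checks cannot validate any signature for that selector, so it is worth running this against the published TXT value after every key rotation.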