DomainKeys Identified Mail, or DKIM, is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain.
It uses asymmetric cryptography to add a digital signature to the header of your outbound emails, allowing you to sign your email with your domain name to protect against phishing, email spoofing, and email spam. This lets receiving servers verify that messages aren’t forged and weren’t changed during transit.
How does DKIM work?
DKIM relies on asymmetric cryptography, which means it uses a private/public key pair.
- The private key, which is unique to your domain and available exclusively to you. It is used to create the signature placed in the header of your messages.
- The public key, which you add to your DNS records using the DKIM standard so that your recipient’s server can retrieve it and verify the signature in the header of your message.
When a message is sent by an outbound mail server, the server generates a unique DKIM signature and attaches it to the email message header. The signature is built from a “hash value”, a unique textual string computed from the message, which is then signed with the private key.
When the recipient’s inbound mail server receives an email, it runs a DNS query to look up the sender domain’s public key. The inbound server then uses this key to verify the DKIM signature in the header of the message and confirm the authenticity of the email.
If the signature verifies against the public key, the DKIM validation check passes.
If the signature does not verify against the public key, the DKIM validation check fails.
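The receiver-side steps described above, as an added example that is not from the original page: it parses a DKIM-Signature header, derives the DNS name where the public key is published, and recomputes the body hash (the `bh=` tag) to detect changes in transit. The header, the selector `sel1` and the domain `example.com` are constructed sample values, and the RSA check of the `b=` signature over the headers is left out so the example needs only the standard library.

```python
import base64, hashlib, re

def parse_tags(value: str) -> dict:
    """Parse a DKIM tag=value list (RFC 6376, section 3.2)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization (RFC 6376, section 3.4.4)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":      # ignore empty lines at the end
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body: the value carried in bh=."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def key_query_name(tags: dict) -> str:
    """DNS name whose TXT record holds the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_body(header_value: str, body: bytes):
    """Return (DNS name to query, True if the body matches the signed hash)."""
    tags = parse_tags(header_value)
    if tags.get("a") != "rsa-sha256" or not tags.get("c", "").endswith("/relaxed"):
        raise ValueError("this sketch handles rsa-sha256 with relaxed body only")
    return key_query_name(tags), tags.get("bh") == body_hash(body)

# Constructed sample message body and header (not taken from a real message).
SAMPLE_BODY = b"Hello,\r\nyour invoice is attached.\r\n"
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
    "\th=from:to:subject; bh=" + body_hash(SAMPLE_BODY) + ";\r\n"
    "\tb=PLACEHOLDER"  # the RSA signature is not checked in this example
)

if __name__ == "__main__":
    print(check_body(SAMPLE_HEADER, SAMPLE_BODY))                 # intact body
    print(check_body(SAMPLE_HEADER, SAMPLE_BODY + b"\r\n \r\n"))  # trailing blank lines
    print(check_body(SAMPLE_HEADER, SAMPLE_BODY.replace(b"invoice", b"payload")))
```

Trailing blank lines added by a relay do not change the relaxed body hash, while a changed word does, which is how a receiver tells harmless reformatting from tampering.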
Why should you use DKIM?
The main function of a DKIM record is to verify the authenticity of the sender. Below are the benefits of DKIM, which plays a major role in email validation.
- It protects the message integrity.
Adding a DKIM digital signature to your messages helps verify that the message is from your domain, and that it hasn’t been altered in transit. This protects your recipients from spoofing attacks, where someone could send malicious or spammy messages on your behalf.
- Improves Delivery Performance
Digitally signed emails are more trustworthy, which helps prevent real emails from being classified as spam and improves email deliverability.
- DKIM Allows Recipients to Trust Your Email
A DKIM signature lets your recipient know that your message came from an authentic and legitimate domain, which builds trust with your email vendor/partner. It also ensures that the recipient will not be part of a spoofing attack.
DKIM Setup: How to configure DKIM in 3 simple steps.
- Generate the key pair (private key and public key) on the outbound email server.
- Place the public key as a TXT record in the DNS panel. Some DNS providers are more difficult to set up/navigate than others. Our ProDMARC Support team will gladly assist you along the way.
- Generate and Save the DKIM-Signature. Ensure email delivery by applying a unique signature to your messages.
Make sure to confirm that all of your outgoing domains adhere to the DKIM protocol if your business sends emails from third-party providers. Let us know how we can assist your company in achieving 100% DKIM compliance (as well as SPF and DMARC compliance).
Below are the DKIM configuration settings for some of the authorized emailing platforms:
- Cisco IronPort (ESA)
- G Suite Admin panel
- Microsoft Dynamics 365
- On-Prem Exchange Server
- Microsoft Office 365 exchange online
- Symantec cloud
- Salesforce cloud
- Forcepoint cloud
- SAP SuccessFactors
- Oracle Dyn
- Network solution
- Rackspace cloud