DKIM (DomainKeys Identified Mail)
A cryptographic email authentication method that verifies an email was sent by an authorized server and wasn't altered in transit.
DKIM adds a digital signature to the header of each outgoing email. The receiving server can verify this signature against a public key published in the sender's DNS records.
How it works: 1. The sending server signs the email with a private key 2. The signature is added to the email header as a DKIM-Signature field 3. The receiving server retrieves the public key from DNS 4. The signature is verified to confirm the email hasn't been tampered with
Why DKIM matters:
- Proves the email really came from your domain
- Confirms the message wasn't modified in transit
- Improves deliverability by building trust with ISPs
- Required for DMARC alignment
DKIM keys should be rotated periodically (every 6-12 months) for security.
Related Terms
SPF (Sender Policy Framework)
A DNS record that specifies which mail servers are authorized to send email on behalf of your domain.
DMARC (Domain-based Message Authentication)
A protocol that tells receiving servers what to do when SPF or DKIM checks fail for your domain.
Sender Reputation
A score assigned by ISPs to your email sending domain/IP that determines whether your emails reach the inbox.
Related Blog Posts
Want to learn more?
Read our in-depth blog posts on email verification and deliverability.