DomainKeys Identified Mail (DKIM) is an email authentication mechanism that is deployed to prevent emails from being tampered with in transit. DKIM is widely adopted by businesses to protect their emails from spoofing and phishing attacks.
How DKIM works
DKIM uses public key cryptography to ensure that the email message was not modified during transit. When an email is to be sent by an outbound server, the server adds a DKIM signature to the email. The DKIM signature contains a hash value that is generated from the email message and headers and signed using a private key. The DKIM signature also contains the names of the headers that were used to create the hash value. The email is sent after the DKIM signature has been added.
The recipient server will extract the DKIM signature and perform a DNS lookup for the DKIM record of the domain present in it. As a result, the DKIM public key will be fetched. The receiving server will decrypt the hash value using the public key and compare it with the hash value that it computes from the email message and headers present in the email that was received. The email will pass DKIM if both values match.
More about a DKIM record
Sample DKIM record:
k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBMuSsLsy
k - Indicates the algorithm that is used
p - Public key
Sample DKIM signature:
DKIM-Signature:
v=1; a=rsa-sha256; d=example.com; s=selec1; c=relaxed/relaxed; h=from:to:subject:date; bh=MHIzKDU2Nzf3MDEyNzR1Njc5OTAyMjM0MUY3ODlqBLP=;
b=hyjCnOfAKDdLZdKIc9G1q7LoDWlEniSbzc+yuU2zGrtruF00ldcFVoG4WTHNiYwG
v - The version of the DKIM signature
a - Algorithm used to create the hash value
c - The type of canonicalization used for header and body
s - Selector
d - Domain used for signing
h - Headers that are signed
bh - Hash value of the email body
b - Signature over the hash value of the signed headers
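An added example, not part of the original page: it parses the tag=value list of a DKIM-Signature and recomputes the bh body hash the way a receiving server does, showing that a whitespace-only change still matches under relaxed canonicalization while an edited body does not. It assumes rsa-sha256, relaxed body canonicalization and CRLF line endings; the function names and the sample message are constructed for illustration, and verifying the b value against the public key from DNS is not shown.

```python
import base64
import hashlib
import re

def parse_tags(value: str) -> dict:
    """Parse a DKIM tag=value list (same syntax in the DNS record and the header)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not name:
            continue  # empty segment, e.g. after a trailing ';'
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = re.sub(r"\s+", "", val)  # whitespace comes from header folding
    return tags

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization as defined in RFC 6376, section 3.4.4."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, i.e. the value carried in bh."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def body_hash_matches(signature: str, body: bytes) -> bool:
    """Recompute bh over the received body and compare it with the signed value."""
    tags = parse_tags(signature)
    if tags.get("v") != "1" or tags.get("a") != "rsa-sha256":
        raise ValueError("unsupported version or algorithm")
    # c= is "header/body"; the body part defaults to simple when it is omitted.
    body_canon = (tags.get("c", "simple").split("/") + ["simple"])[1]
    if body_canon != "relaxed":
        raise ValueError("only relaxed body canonicalization is handled here")
    if "l" in tags:
        raise ValueError("l= body length limit is not handled here")
    return body_hash(body) == tags.get("bh")

# Constructed sample (not a real message); tag layout follows the page's sample.
SAMPLE_BODY = b"Hello  team,\r\nInvoice attached. \r\n\r\n"
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.com; s=selec1; c=relaxed/relaxed; "
              "h=from:to:subject:date; bh=" + body_hash(SAMPLE_BODY) + "; b=")

if __name__ == "__main__":
    print(body_hash_matches(SAMPLE_SIG, SAMPLE_BODY))  # body as sent
    print(body_hash_matches(SAMPLE_SIG, b"Hello team,\r\nInvoice attached.\r\n"))  # whitespace only
    print(body_hash_matches(SAMPLE_SIG, b"Hello team,\r\nPay this invoice.\r\n"))  # edited body
```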
Benefits of implementing DKIM
A sender domain will start earning reputation from mailbox providers and anti-spam services only when DKIM is implemented.
- DKIM earns the trust of mailbox providers and anti-spam services
- Improves email deliverability
- Protects your emails from phishing and spoofing attacks