DKIM Records Explained

What is DKIM?

DomainKeys Identified Mail (DKIM) is an authentication standard used to prevent email spoofing. DKIM attempts to prevent the spoofing of a domain that’s used to deliver email.

DKIM employs the concept of a domain owner who controls the DNS records for a domain. When sending email with DKIM enabled, the sending server signs the messages with a private key. The domain owner also adds a DKIM record, which is a modified TXT record, to the DNS records of the sending domain. This TXT record contains a public key that receiving mail servers use to verify a message’s signature. The DKIM public-key cryptography process allows recipients to be confident of a sender’s authenticity.

DKIM Authentication Process

DKIM mail flow

To understand DKIM, it is useful to see how an email is sent when DKIM is added to the process. Let’s imagine an email is sent from an address at example.com. For DKIM to work properly, the following steps take place:

  1. Before sending the message, the sending server signs the email using a private key.
  2. When the message is delivered, the receiving server obtains the DKIM record from the DNS records for example.com.
  3. The receiving server then uses the public key in the DKIM record to verify the message’s signature.
  4. If the DKIM check passes, the receiving server can be confident the message was sent by the address in the return-path and wasn’t altered in transit.
  5. If the DKIM check fails, the message is likely illegitimate and will be processed using the receiving server’s failure process.
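
Steps 2 and 3 depend on the receiver finding a usable key in DNS. The sketch below is an added example, not code from this article or from any mail server: it builds the TXT name a receiver queries from the `d=` and `s=` (selector) tags of a `DKIM-Signature` header, as defined in RFC 6376, and lints the published record before any signature check. The selector `mail2024`, the function names, and the key bytes are constructed placeholders.

```python
import base64
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (same syntax in the header and the DNS record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace inside a value (e.g. wrapped base64) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def dns_name_for(signature_header):
    """Step 2: TXT name the receiver looks up, <selector>._domainkey.<domain>."""
    tags = parse_tags(signature_header)
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_record(txt):
    """Before step 3: list the problems that make a published record unusable or weak."""
    tags = parse_tags(txt)
    key_type = tags.get("k", "rsa")          # k= defaults to rsa when absent
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("unsupported version")
    if key_type not in ("rsa", "ed25519"):
        problems.append("unknown key type")
    p = tags.get("p")
    if p is None:
        problems.append("missing p= tag")
    elif p == "":
        problems.append("key revoked (empty p=)")
    else:
        try:
            der = base64.b64decode(p, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
        else:
            # A 2048-bit modulus alone is 256 bytes, so a shorter blob cannot hold one.
            if key_type == "rsa" and len(der) <= 256:
                problems.append("RSA key shorter than 2048 bits")
    return problems

# Constructed samples: placeholder bytes stand in for real key material.
SAMPLE_HEADER = "v=1; a=rsa-sha256; d=example.com; s=mail2024; h=from:subject; bh=AAAA; b=AAAA"
GOOD_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(294)).decode()
SHORT_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(162)).decode()
REVOKED_RECORD = "v=DKIM1; p="
```

An empty list from `check_record` means the record is structurally usable; it does not mean a given message's signature verifies.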

While DKIM authentication is an email best practice, it’s important to understand that a DKIM signature’s only function is to help verify the sender’s identity, which is an important factor (although not the only factor) when it comes to email delivery. DKIM cannot be used to verify the contents of an email.

Setting up DKIM can be a complex process. If not done correctly, Internet service providers (ISPs) will block your email, particularly because incorrect implementation is a sign of a spammer.
