Service status External connectivity status Startups Support center

What is DKIM (DomainKeys Identified Mail)?

DomainKeys Identified Mail or DKIM is an email security standard that helps detect if the emails were tampered with in transit between sender and receiver.

How does DKIM work?

DKIM works in three steps:

Next, the sender’s email platform creates a hash of the fields included in the DKIM signature. Then it is encrypted with a private key only accessible to the sender.

The email gateway or consumer mailbox provider approves the DKIM signature after sending the email. It must locate the public key that is identical to the private key. After that, the DKIM signature is decrypted back to its initial hash string.

What is a DKIM record?

The DKIM record saves the public key the receiving mail server will use to check and verify a message’s signature — a name, version, key type, and the public key from the DKIM record.

Can I have multiple DKIM records?

Yes, each DKIM key has a different DKIM selector added to a message’s DKIM signature that tells the receiving server which DKIM key to validate.

Multiple DKIM records are employed if your organization uses several servers to send emails on behalf of their domain name or uses “DKIM key rotation” to remove the risk of compromised DKIM keys.

Why is DKIM important?

DKIM confirms your legitimacy as a sender. It helps you build a long-term reputation. In combination, DKIM, SPF, and DMARC help you prevent email spoofing.