DKIM adds a secure signature to your domain to authenticate email sent from users in your company. DKIM is an industry best practice that increases the security of your email domains. DKIM allows an organization to take responsibility for a message ao that it can be verified by the recipient.
- Spend less time removing your domains from blacklists
- Spend less time working with users after they have fallen for phishing attempts
- Increase confidence that emails sent from your users are not fraudulent
DKIM (Domain Keys Identified Mail) enables email providers that receive mail from your domain to verify whether or not messages from your domain are in fact authentic and not fraudulent. This level of email authentication is made possible through the use of public / private key encryption, digital signatures and information stored in your domain's DNS.
How does DKIM work?
When a message is sent from your domain, it is ‘signed’ using the private key and various parts of the message headers and/or content. These parts are specified in the signature.
The receiving mail server of the email message can use the public key specified in your domain’s DKIM TXT record to validate the signature. This DKIM TXT record is added to the dns records of the domain name. If the validation is successful, then the receiver can assume the message came from a legitimate sending domain. If the signature fails, then the receiver can choose whether or not to trust the message.
Each domain will have its own unique DKIM key and signature.
DKIM Record Host: <selector>._domainkey
DKIM Record Value: v=DKIM1; k=rsa; p=<encrypted key>
In addition to validating the original source of the message, these signatures ensure that the message has not been altered in transit by any third parties.