DKIM is the acronym for DomainKeys Identified Mail. It is an authentication protocol used to validate the sender's domain name associated with email messages. The DKIM protocol allows email senders to identify the domains that belong to them, thus protecting their brand and reputation.
DKIM uses cryptographic authentication by inserting a digital signature into the email message header, which is later verified by the receiving host to validate the authenticity of the sender's domain. The DKIM digital signature is created using a key pair; the public key, a unique string of characters, is stored in your DNS. When a recipient gets your email signed by DKIM, the public key is retrieved from the sender's DNS records and used to verify the signature and authenticate the sender's domain.
Benefits of DKIM
- Helps in controlling phishing, since the digital signature confirms the sender's identity
- It maintains a blacklist to identify spammers and questionable domains
- DKIM increases email deliverability. Emails have a higher chance of ending up in the user's inbox since the user knows it is coming from a trusted source
Creating a DKIM Record
- Identify domains: Make a list of domains that would be sending outbound emails
- Create public/private keys: The ‘public’ key will be used in your public-facing DNS TXT record along with what’s called a ‘policy record’. The ‘private’ key will be used on your sending MTA (Mail Transfer Agent / Relay). The sending MTA will use the private key to add a signature to the email message header for identification and validation by the receiving domain (mail client) by way of the public key. Most hosting service providers will help you create DKIM records using guided wizards / tools.
- Create TXT Record: Using the DKIM information generated by tools / wizards, create the TXT record in the public-facing DNS record. Note that you need to create DKIM records for each of the sending domains you have identified earlier.
- DKIM Supported by MTA: Be sure that your sending MTA supports DKIM records. If not, upgrade your MTA to support DKIM
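The key and TXT record steps above, done by hand with OpenSSL, as an added example that is not part of the original article. The selector, the domain, the key directory and the 2048-bit RSA key size are assumptions chosen for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: create a DKIM key pair, print the DNS TXT record for it,
# and confirm that the published key matches the private key on the MTA.
# Usage (placeholder values): make_dkim_record sel1 example.com /etc/dkim

# make_dkim_record SELECTOR DOMAIN KEYDIR
# Writes KEYDIR/SELECTOR.private (stays on the sending MTA, never published)
# and prints the TXT record carrying only the public key.
make_dkim_record() {
    selector=$1 domain=$2 keydir=$3
    # umask in a subshell: the private key is created owner-readable only
    ( umask 077
      openssl genrsa -out "$keydir/$selector.private" 2048 2>/dev/null ) || return 1
    # DKIM's p= tag holds the public key as single-line base64 DER
    pub=$(openssl rsa -in "$keydir/$selector.private" -pubout -outform DER \
          2>/dev/null | openssl base64 -A)
    [ -n "$pub" ] || return 1
    printf '%s._domainkey.%s. IN TXT "v=DKIM1; k=rsa; p=%s"\n' \
        "$selector" "$domain" "$pub"
}

# check_roundtrip RECORD PRIVATE_KEY
# Signs a constructed sample with PRIVATE_KEY and verifies it with the p=
# value from RECORD. Returns 0 only if the record and the key belong together.
check_roundtrip() {
    record=$1 priv=$2
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$record" | sed -n 's|.*p=\([^"]*\)".*|\1|p' \
        | openssl base64 -d -A > "$tmp/pub.der"
    printf 'constructed sample header\n' > "$tmp/msg"
    openssl dgst -sha256 -sign "$priv" -out "$tmp/sig" "$tmp/msg" 2>/dev/null &&
    openssl dgst -sha256 -verify "$tmp/pub.der" -keyform DER \
        -signature "$tmp/sig" "$tmp/msg" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

A single DNS TXT string is limited to 255 bytes, so a record for a key of this size may need to be entered as several quoted strings, depending on the DNS provider.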
Limitations of DKIM Records
DKIM verifies only the sender's identity but does not verify the message content. Since email content is also one of the important factors of email delivery, DKIM does not completely guarantee high inbox deliverability. Another issue with DKIM records is that because they are more difficult to implement, fewer senders have adopted them. This means that the absence of a DKIM signature does not necessarily mean that the email is fraudulent.
For more information on DKIM records, you can always visit: http://www.dkim.org/