§2024-11-02
DKIM, or DomainKeys Identified Mail, is an email authentication method designed to verify that an email message was sent by an authorized mail server and that it has not been altered during transit. It helps protect against email spoofing and phishing.
Here's how it works:
-
Key Generation: The domain owner generates a pair of cryptographic keys: a private key (kept secret) and a public key (published in the domain’s DNS records).
-
Signing the Email: When an email is sent, the mail server uses the private key to create a digital signature for the message. This signature is added to the email header.
-
Verifying the Signature: When the recipient's mail server receives the email, it retrieves the public key from the DNS records of the sender’s domain. It uses this key to verify the digital signature. If the signature matches, it confirms that the email was indeed sent by the domain and that the content hasn’t been tampered with.
-
Policy Enforcement: The recipient's mail server can then decide how to handle the email based on the DKIM verification result. If it fails, the email may be marked as spam or rejected.
By using DKIM, organizations can improve their email security and protect their brand reputation while enhancing email deliverability.