DKIM

DomainKeys Identified Mail

An email authentication method that uses cryptographic signatures to verify message integrity.

Definition

DomainKeys Identified Mail (DKIM) is an email authentication method that uses public-key cryptography to verify that an email message was sent by an authorized sender and hasn't been modified in transit. The sending server signs the message with a private key, and the receiving server verifies the signature using a public key published in DNS.

Examples

DKIM DNS Record

A DKIM public key published in DNS.

; DKIM DNS Record (TXT)
selector._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."

; Header in signed email:
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=selector;
  c=relaxed/relaxed; q=dns/txt; h=from:to:subject:date;
  bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
  b=AuUoFEfDxTDkHlLXSZEpZj79LICEps6eda7W3deTVFOk4yAUoqOB...

Use Cases

Email message integrity verification
Preventing email tampering in transit
Part of DMARC authentication
Brand protection

Best Practices

  • Use 2048-bit RSA keys minimum
  • Rotate DKIM keys periodically
  • Sign important headers (From, To, Subject, Date)
  • Test DKIM configuration after setup
  • Monitor DKIM failures in DMARC reports
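
The key-size and signed-header practices above can be checked mechanically. This is an added example, not part of the original glossary entry: it parses a DKIM key record and a DKIM-Signature value, reads the RSA modulus size out of the p= tag, and lists the required headers missing from h=. The function names, the constructed sample key (a placeholder modulus, not a usable key) and the sample signature are assumptions made for illustration.

```python
import base64

def parse_tags(value):
    """Split a DKIM tag=value list (key record or DKIM-Signature value) into a dict."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}  # drop folding whitespace

def _tlv(buf, pos):  # read one DER element header; return (content_start, content_end)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_key_bits(p_b64):
    """Modulus size in bits of the RSA SubjectPublicKeyInfo carried in p=."""
    der = base64.b64decode(p_b64)
    start, _ = _tlv(der, 0)            # SubjectPublicKeyInfo SEQUENCE
    _, end = _tlv(der, start)          # AlgorithmIdentifier, skipped
    start, _ = _tlv(der, end)          # BIT STRING
    start, _ = _tlv(der, start + 1)    # RSAPublicKey SEQUENCE, after the unused-bits byte
    start, end = _tlv(der, start)      # modulus INTEGER
    return int.from_bytes(der[start:end], "big").bit_length()

def audit(key_record, signature, min_bits=2048, required=("from", "to", "subject", "date")):
    """Return findings for the key-size and signed-header practices."""
    key, sig, findings = parse_tags(key_record), parse_tags(signature), []
    p = key.get("p", "")
    if not p:
        findings.append("no public key in p= (missing or revoked)")
    elif key.get("k", "rsa") == "rsa" and (bits := rsa_key_bits(p)) < min_bits:
        findings.append(f"RSA key is {bits} bits, below {min_bits}")
    signed = {h.lower() for h in sig.get("h", "").split(":")}
    return findings + [f"header not signed: {h}" for h in required if h not in signed]

def _enc(tag, body):  # minimal DER encoder, used only to build the sample key
    n, nb = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")) + body

def constructed_key_record(bits):  # constructed sample: placeholder modulus, not a usable key
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = _enc(0x30, _enc(0x02, modulus) + _enc(0x02, b"\x01\x00\x01"))
    alg = _enc(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption OID + NULL
    spki = _enc(0x30, alg + _enc(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

SAMPLE_SIG = "v=1; a=rsa-sha256; d=example.com; s=selector; h=from:subject:date"  # constructed

if __name__ == "__main__":
    print(audit(constructed_key_record(1024), SAMPLE_SIG))
```

To audit a live domain, pass the TXT value returned for the selector's _domainkey name and the DKIM-Signature value from a received message in place of the constructed samples.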
