DKIM
DomainKeys Identified Mail
An email authentication method that uses cryptographic signatures to verify message integrity.
Definition
DomainKeys Identified Mail (DKIM) is an email authentication method that uses public-key cryptography to verify that an email message was sent by an authorized sender and hasn't been modified in transit. The sending server signs the message with a private key, and the receiving server verifies the signature using a public key published in DNS.
Examples
DKIM DNS Record
A DKIM public key published in DNS.
; DKIM DNS Record (TXT)
selector._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."
; Header in signed email:
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=selector;
c=relaxed/relaxed; q=dns/txt; h=from:to:subject:date;
bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
b=AuUoFEfDxTDkHlLXSZEpZj79LICEps6eda7W3deTVFOk4yAUoqOB...Use Cases
Best Practices
- Use 2048-bit RSA keys minimum
- Rotate DKIM keys periodically
- Sign important headers (From, To, Subject, Date)
- Test DKIM configuration after setup
- Monitor DKIM failures in DMARC reports
FAQ
Related Articles
security
Certificate Transparency Logs: Detect Unauthorized Certificates
Learn how Certificate Transparency logs help detect unauthorized SSL certificates. Understand CT monitoring and protect your domains from certificate fraud.
security
How to Get SSL Certificate Expiry Email Reminders
Never let an SSL certificate expire unexpectedly. Set up automatic email reminders for SSL expiration to prevent website security warnings and downtime.
tutorials
HSTS Implementation Guide: Force HTTPS the Right Way
Learn to implement HTTP Strict Transport Security (HSTS) correctly. Complete guide to HSTS configuration, preloading, and avoiding common mistakes.
Put DKIM Knowledge Into Practice
Start monitoring your infrastructure with WizStatus.
No credit card required • 20 free monitors forever