DKIM (DomainKeys Identified Mail) is a cryptographic authentication method used to verify the authenticity of email messages. It helps prevent email spoofing and phishing by allowing the recipient’s email server to check whether an incoming email message has been sent from a legitimate sender and has not been tampered with during transit.

To set up DKIM, the sending domain owner adds a DKIM record to their DNS (Domain Name System) zone. This record publishes the public key of the key pair whose private key generates the digital signature added to the email message’s header. The recipient’s email server can then use the public key in the DKIM record to verify the signature and confirm that the message has not been altered since it was signed.

The DKIM record typically includes the following components:

  1. Selector: A unique identifier for the DKIM key pair used to sign the email messages. It allows multiple DKIM keys to be associated with a single domain.
  2. Domain: The domain for which the DKIM record is being set up.
  3. Public Key: The actual public key used to verify the email’s signature.
  4. Key Length and Algorithm: Specifies the cryptographic algorithm and key length used for the DKIM signature.

Here is an example of a DKIM record:

selector1._domainkey.example.com.   IN   TXT   "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQIDAQAB"

In this example:

  • “selector1” is the selector used by the DKIM key pair.
  • “_domainkey” is the fixed label under which DKIM keys are published, and “example.com.” is the domain associated with the DKIM record.
  • “v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQIDAQAB” specifies the version of DKIM, the key type used for the signature (RSA), and the Base64-encoded public key value (abbreviated in this example).
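
An added example (not part of the original page) that audits a DKIM key record like the one above: it parses the tags, treats an empty p= as a revoked key, and reads the RSA modulus size from the DER-encoded public key. The function names and the 2048-bit `min_bits` threshold are assumptions of this example; the page's sample p= value is shortened, so it is reported as incomplete.

```python
import base64

def parse_dkim_record(txt):
    """Split a DKIM key record's TXT value into {tag: value}."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    # Whitespace inside a value is folding only, so it is removed.
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the data")
    return tag, pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    _, pos, _ = read_tlv(der, 0)          # outer SEQUENCE
    _, _, pos = read_tlv(der, pos)        # AlgorithmIdentifier (skipped)
    _, pos, _ = read_tlv(der, pos)        # BIT STRING
    _, pos, _ = read_tlv(der, pos + 1)    # skip unused-bits byte, enter RSAPublicKey
    tag, start, end = read_tlv(der, pos)  # INTEGER modulus
    if tag != 0x02:
        raise ValueError("expected an INTEGER modulus")
    return int.from_bytes(der[start:end], "big").bit_length()

def audit_dkim_record(txt, min_bits=2048):  # min_bits: policy threshold assumed here
    """Return a list of findings for one key record; empty means none found."""
    tags = parse_dkim_record(txt)
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["unsupported version: " + tags["v"]]
    if tags.get("k", "rsa") != "rsa":
        return ["key type not checked by this example: " + tags["k"]]
    if "p" not in tags:
        return ["p= tag is missing"]
    if tags["p"] == "":
        return ["p= is empty: key revoked"]
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return ["p= does not decode to a complete RSA public key"]
    return [f"RSA key is {bits} bits, below {min_bits}"] if bits < min_bits else []

if __name__ == "__main__":
    # The record shown on this page; its p= value is shortened, so it is flagged.
    page = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQIDAQAB"
    print(audit_dkim_record(page))
```

When a key is split across several quoted strings in the TXT record, concatenate them before passing the value to `audit_dkim_record`.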

To properly configure DKIM, the sender’s email server must use the private key corresponding to the public key in the DKIM record to sign outgoing email messages. The recipient’s email server can then retrieve the public key from the DKIM record to verify the authenticity of the message.

DKIM records play a crucial role in email authentication, helping organizations improve the deliverability of their legitimate emails and reduce the likelihood of their emails being marked as spam or phishing attempts.