DomainKeys Identified Mail (DKIM)

DKIM allows an organization to take responsibility for a message in a way that can be verified by a recipient. The organization can be a direct handler of the message, such as the author's, the originating sending site's, or an intermediary's along the transit path. However, it can also be an indirect handler, such as an independent service that is providing assistance to a direct handler. DKIM defines a domain-level digital signature authentication framework for email through the use of public-key cryptography and using the domain name service as its key server technology (RFC 6376). It permits verification of the signer of a message, as well as the integrity of its contents. DKIM will also provide a mechanism that permits potential email signers to publish information about their email signing practices; this will permit email receivers to make additional assessments of unsigned messages. DKIM's authentication of email identity can assist in the global control of "spam" and "phishing".1

DKIM (DomainKeys Identified Mail) should instead be considered a method to verify that a message's content is trustworthy, meaning that it was not changed from the moment the message left the initial mail server. This additional layer of trust is achieved through the standard public/private key signing process. The owners of the domain add a DNS entry with the public DKIM key, which receivers use to verify that the message's DKIM signature is correct, while on the sender side the server signs the eligible mail messages with the corresponding private key.2
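The integrity half of the check described above, as an added example that is not part of the original page: it recomputes the body hash carried in the `bh=` tag of a DKIM-Signature header under RFC 6376 body canonicalization and derives the DNS name where the public key is published. The domain, selector and message are constructed, and verifying the RSA signature in `b=` or honouring the `l=` body-length tag is outside what it covers.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Split a DKIM tag=value list (DKIM-Signature header value or DNS key record)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # folding whitespace inside the tag values used here is not significant
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def canonicalize_body(body, mode):
    """RFC 6376 body canonicalization: 'simple' (3.4.3) or 'relaxed' (3.4.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # collapse runs of space/tab to one space, then drop whitespace at line end
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body, mode="simple"):
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def check_body(dkim_signature, body):
    """Return (DNS name of the public key record, True if body matches bh=)."""
    t = parse_tags(dkim_signature)
    # c= is "header/body"; the body algorithm defaults to simple when omitted
    mode = (t.get("c", "simple/simple").split("/") + ["simple"])[1]
    key_name = f"{t['s']}._domainkey.{t['d']}"
    return key_name, body_hash(body, mode) == t["bh"]

# Constructed sample (not a real message): domain, selector and body are made up.
BODY = b"Invoice attached.  \r\nRegards,\tAlice\r\n\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2019;\r\n"
          "\th=from:to:subject; bh=" + body_hash(BODY, "relaxed") + "; b=<omitted>")

if __name__ == "__main__":
    print(check_body(HEADER, BODY))
    print(check_body(HEADER, BODY.replace(b"Invoice", b"Receipt")))
```

A body-hash match alone proves nothing about the signer; a receiver must still verify `b=` against the public key fetched from the derived DNS name.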


Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)

This document provides an analysis of some threats against Internet mail that are intended to be addressed by signature-based mail authentication, in particular DomainKeys Identified Mail. It discusses the nature and location of the bad actors, what their capabilities are, and what they intend to accomplish via their attacks.3

Common Setups

Google G Suite

Enhance security for outgoing email (DKIM)

About DKIM

Microsoft Office365

Use DKIM to validate outbound email sent from your custom domain in Office 365

AWS SES and Amazon WorkMail

Setting Up More Secure DKIM Keys

Last edited by MichaelAlber.
Page last modified on Wednesday March 13, 2019 17:37:24 UTC.