Glossary

DKIM (DomainKeys Identified Mail)

DKIM is an email authentication method that allows the sending domain to cryptographically sign outgoing messages. Receiving mail servers verify the DKIM signature against a public key published in DNS to confirm the email was not altered in transit and originates from an authorized sender.

Key Aspects

Cryptographic Signing

Uses public-key cryptography to sign email headers and body, proving message integrity.

Spoofing Prevention

Helps receiving servers verify that the email genuinely came from the claimed domain.

DNS-Based Verification

Public keys are published as DNS TXT records, allowing any receiver to verify signatures.

Deliverability Boost

Emails with valid DKIM signatures are less likely to be flagged as spam.

How DKIM Works

1. Generate Key Pair

The sending domain generates a public/private key pair. The private key is stored on the mail server; the public key is published in DNS.

2. Sign Outgoing Email

When an email is sent, the mail server creates a hash of specified headers and the body, then signs it with the private key to produce the DKIM signature.

3. Attach Signature Header

The DKIM signature is added as a DKIM-Signature header to the email before it leaves the sending server.

4. Receiver Verifies

The receiving mail server retrieves the public key from DNS, uses it to check the signature, and compares the signed hash with one it computes from the received message to verify the email was not tampered with.

Frequently Asked Questions

What happens if DKIM verification fails?

A failed DKIM check does not automatically reject the email. However, it increases the likelihood of the message being flagged as spam or rejected, especially when combined with DMARC policies.

Does DKIM encrypt email content?

No. DKIM signs the email to verify integrity and authenticity, but it does not encrypt the message content. For encryption, you need separate protocols like S/MIME or TLS.

Do email signature management tools affect DKIM?

Modifying an email after it has been signed can break the DKIM signature. Siggly applies signatures before DKIM signing occurs, preserving authentication integrity.

How is DKIM different from SPF?

SPF verifies that the sending server is authorized by the domain. DKIM verifies that the email content has not been altered. Together with DMARC, they provide comprehensive email authentication.
