What is DKIM?

what is dkim

The two main email authentication standards are sender policy framework (SPF) and DomainKeys Identified Mail (DKIM). Since we have a blog dedicated to SPF, we’ll use this blog as an ode to DKIM! Let’s get started.

What is DKIM?

DomainKeys Identified Mail (DKIM) is an email authentication mechanism allowing the recipient mail server to see if a message has been altered during transit. DKIM is an open standard similar to SPF that helps combat malicious actors from spamming, spoofing, and phishing.

How does DKIM Work?

In its simplest form, DKIM is an authentication protocol to better ensure the email received is the same as the email sent. The receiving server checks, then verifies an encrypted signature left on the message by the sending server to ensure the message arrived in the same form it was sent.

DKIM Header and Signature

There are a number of tags available to authenticate different aspects of an email message.

The follow is an example of a DKIM signature:

Here’s a breakdown of the tags used in the example:

  • v = The version of the DKIM specification being used to sign the message
  • a = The algorithm used to generate the signature
  • d = The domain of the signing entity
  • s = The selector used in the public key
  • c = The canonicalization algorithm, the method by which the headers and content are prepared for presentation to the signing algorithm
  • q = The query method(s) used to retrieve the public key
  • i = The identity of the user or agent (e.g., a third party) on behalf of which this message is signed
  • t = Signature timestamp. The format is UNIX time format
  • h = A colon-separated list of header field names that identify the headers in the email message. The values in this tag MUST contain the complete list of headers in the order presented to the signing algorithm
  • bh = The hash of the canonicalized body part of the message
  • b = The signature data or public key, encoded as a Base64 string

What is the Purpose of DKIM and Do I Need It?

First things first: Yes, you need it. If you send high-volume transactional or marketing email, you should absolutely configure SPF and DKIM, and now, with mandates from Google and Yahoo, set up DMARC to further define and protect your authentication policy. Email authentication is important because it not only helps secure your email from bad actors and protect your recipients, but implementing the necessary authentication protocols also helps improve your email deliverability. The more secure your email is, the more likely the mailbox providers are to get your email to the inbox.

Need Help?

Good news! SocketLabs Email customers enjoy super simple authentication set-up. Plus, we have real email experts on our team to provide additional assistance if you need it. If you’re ready to experience reliable, affordable, and secure email, you can start a free trial today!