What Is DKIM?

SkyStra
Dec 12, 2020

DKIM (Domain Keys Identified Mail) is an email authentication method that verifies if an email was sent and authorized by the owner of that domain via a digital signature (DKIM signature). DKIM signature is a header component encrypted and added to the message.

The recipient mail server verifies the DKIM signature and ensures that the email is appropriately signed and that nobody modified the body message and attachments.

The DKIM signature validation is almost always done at the server level, so end users don’t see the process. The DKIM identifier is independent of any other header elements (such as the From field).

Two existing specs, Domain Keys (invented by Yahoo) and Identified Internet Mail (developed by Cisco) in 2004, were merged to create the DKIM standard. It became a widely adopted authentication standard, and it was registered as an RFC (Request for Comments) by the IETF (Internet Engineering Task Force). 

All significant email providers (Google, Microsoft, and Yahoo) check incoming messages for DKIM signatures.

How Does DKIM Work?

The DKIM signature is created by the MTA (Mail Transfer Agent) by generating a unique string of Hash Value characters stored in the listed domain. Once the email is received, the receiving mail server uses a public key registered in the DNS to verify the DKIM signature. Mail server decrypts the Hash Value in the header using the public key and then compares it to the hash value received in the email. If the two signatures match – then it’s likely that nobody altered the email, and it’s a confirmation that it’s legitimate (sent from the original domain).

How To Add DKIM Records

Log in to your cPanel control panel, and click Email Deliverability under the Email section:

Click Manage next to your domain:

Copy the values for your DKIM records, this is our example DKIM record:

Head back to the cPanel’s main page and click Zone Editor under the Domains section:

Click Manage next to your domain:

Next, click Add Record on the right-hand side, and select the Add “TXT” Record option:

Fill in the copied value under the Name column, and paste the entry from the value DKIM column under the Record column:

Click Add Record to save changes.

That’s it!