What is DKIM (DomainKeys Identified Mail)?
DKIM adds a cryptographic signature to email so receiving servers can verify that a domain authorized and preserved the message.
What is DKIM?
DKIM (DomainKeys Identified Mail) is an email authentication standard that adds a cryptographic signature to outgoing messages. It helps receiving mail servers verify that the message was authorized by the sending domain and was not changed in transit.
When a company sends an invoice email from example.com, the receiving mail server can check the DKIM signature against a public key published in DNS. A valid signature provides a strong signal that the message came through authorized sending infrastructure.
How Does It Work?
The sending mail system signs selected headers and body content with a private key. A public key is published as a DNS TXT record under a name such as selector._domainkey.example.com. The receiving server uses the selector value to find the DNS record and verify the signature.
A DKIM setup usually has to account for:
- Keeping the private key secure
- Rotating keys through selectors
- Header and body canonicalization settings
- Ensuring all sending services follow the same domain strategy
- Avoiding signature breakage through forwarding or content-changing intermediaries
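To make the canonicalization and signature-breakage points concrete, the following added example (not code from this page or from any mail product) computes the body hash a signer would place in the bh= tag under the "simple" and "relaxed" body canonicalization rules of RFC 6376, then checks which in-transit changes still match. The message body and the variants are constructed samples, the function names are hypothetical, and the sketch assumes rsa-sha256 with no l= tag.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Canonicalize a CRLF-delimited body per RFC 6376 section 3.4."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, then drop trailing whitespace.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    elif mode != "simple":
        raise ValueError("unknown canonicalization: " + mode)
    # Both modes ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        # An empty body becomes a single CRLF in simple mode, nothing in relaxed.
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in bh=."""
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def breakage_report(signed: bytes, variants: dict) -> dict:
    """Map variant name -> {mode: True if the body hash still matches}."""
    modes = ("simple", "relaxed")
    return {name: {m: body_hash(v, m) == body_hash(signed, m) for m in modes}
            for name, v in variants.items()}

# Constructed sample body and constructed in-transit modifications.
SIGNED = b"Invoice 1042 attached.\r\nTotal:  120.00 EUR\r\n"
VARIANTS = {
    "extra trailing blank lines": SIGNED + b"\r\n\r\n",
    "trailing space added": SIGNED.replace(b"attached.\r\n", b"attached. \r\n"),
    "whitespace run collapsed": SIGNED.replace(b"Total:  ", b"Total: "),
    "list footer appended": SIGNED + b"-- \r\nSent via example mailing list\r\n",
}

if __name__ == "__main__":
    for name, ok in breakage_report(SIGNED, VARIANTS).items():
        print(f"{name:28} simple={ok['simple']} relaxed={ok['relaxed']}")
```

Relaxed canonicalization absorbs whitespace-only changes, but neither mode survives an intermediary that appends content such as a mailing-list footer.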
Role in Email Security
DKIM does not stop spam by itself; it gives receivers an authentication signal tied to the domain. SPF checks whether the sending server's IP is authorized, while DKIM focuses on message integrity and the domain's signature.
SMTP is the protocol that carries email; DKIM adds an authentication layer on top of that transport. When combined with DMARC, it becomes more effective at reducing domain spoofing and phishing risk.
Related Terms
DMARC combines SPF and DKIM results with domain policy and reporting so email senders can reduce spoofing and phishing risk.
SMTP (Simple Mail Transfer Protocol): SMTP is the standard transfer protocol that sends email from clients to mail servers and relays it between servers toward the recipient domain.
SPF (Sender Policy Framework): SPF is an email authentication control that publishes approved sending servers in DNS, helping receivers spot spoofed domain mail.