Would you like to know what DKIM is and how it works? This article answers these and other frequently asked questions about DKIM.
What is DKIM?
DKIM stands for “DomainKeys Identified Mail” and is an e-mail authentication method. Put simply, the sending mail server adds a digital signature to each e-mail. The receiving server verifies this signature with a public key that the signing domain publishes in its DNS zone. A valid signature tells the recipient that the signed parts of the e-mail (the selected header fields and the body) have not been altered in transit and that the message was signed by a system holding that domain's private key. DKIM, along with SPF and DMARC, is an additional protective measure against phishing and identity theft.
How does DKIM work?
DKIM is based on asymmetric (public-key) cryptography. This means that different keys are used to create and to check the signature, a private key and a public key. The private key is secret and known only to the mail server(s) that sign on behalf of the sender domain. The public key, by contrast, is published for everyone to read in the DKIM record in the DNS zone of the sender domain.
If DKIM is enabled for a domain and an e-mail is sent with this domain, the following process runs in the background:
- Sender: The sender’s mail server computes a hash value (a cryptographic checksum) over the e-mail body and over a chosen set of header fields, for example From, To, Subject and Date. It signs that hash with the private key and adds the result to the e-mail as a DKIM-Signature header. This header also records which header fields were signed (h=), the hash of the body (bh=), the signing domain (d=) and the selector (s=) that names the key to use.
- Transfer: The e-mail is transferred to the recipient.
- Recipient: The recipient’s mail server reads d= and s= from the DKIM-Signature header and queries the DNS name [selector]._domainkey.[domain] to obtain the public key from the DKIM record. It recomputes the hash of the body and compares it with bh=. It then recomputes the hash over the signed header fields and uses the public key to check that the signature in the header was made over exactly that hash.
If both checks succeed, the signed header fields and the body are unchanged since signing, and the e-mail was signed by a holder of the private key belonging to the domain named in the signature.
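The round trip described above, as an added worked example (this is not Hostpoint's code and not what a production mail server runs): a stdlib-only Python sketch of both sides. It keeps the parts of RFC 6376 that matter for understanding the flow: the body hash (bh=), "relaxed" header and "simple" body canonicalization, the hash over the selected headers plus the DKIM-Signature header with an empty b=, RSASSA-PKCS1-v1_5 over SHA-256, and the [selector]._domainkey.[domain] lookup. Everything else is simplified and labelled as such in the code: the RSA key is built from two well-known Mersenne primes (correct arithmetic, worthless key), the DNS zone is an in-memory dict, and p= carries the raw modulus rather than a DER-encoded SubjectPublicKeyInfo. The message, domain and selector names are constructed for the demo.

```python
import base64
import hashlib
import re

# Toy RSA: genuine RSA arithmetic, but P and Q are well-known Mersenne primes,
# so this key is trivially factorable. Demo only; never publish such a key.
E = 65537
P, Q = (1 << 521) - 1, (1 << 607) - 1
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))                     # private exponent
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(digest: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5 block 00 01 FF..FF 00 DigestInfo||digest as an integer."""
    t = SHA256_DIGESTINFO + digest
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def rsa_sign(digest: bytes) -> bytes:
    k = (N.bit_length() + 7) // 8
    return pow(_emsa_pkcs1_v15(digest, k), D, N).to_bytes(k, "big")

def rsa_verify(n: int, digest: bytes, sig: bytes) -> bool:
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(sig, "big"), E, n) == _emsa_pkcs1_v15(digest, k)

# Stand-in for the DNS zone (constructed): name -> TXT value. A real record holds
# a DER SubjectPublicKeyInfo in p=; here p= is the raw modulus and e is fixed.
DNS_TXT = {}

def publish_key(domain: str, selector: str) -> None:
    p = base64.b64encode(N.to_bytes((N.bit_length() + 7) // 8, "big")).decode()
    DNS_TXT[f"{selector}._domainkey.{domain}"] = f"v=DKIM1; k=rsa; h=sha256; p={p}"

def canon_header(name: str, value: str) -> str:
    """RFC 6376 'relaxed': lower-case name, unfold, collapse whitespace, strip."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"

def canon_body(body: str) -> bytes:
    """RFC 6376 'simple': CRLF line ends, trailing empty lines dropped, one final CRLF."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    return (re.sub(r"(\r\n)+\Z", "", body) + "\r\n").encode()

def _find(headers, name):
    """Last instance of a header: DKIM selects signed headers bottom-up."""
    return next((v for n, v in reversed(headers) if n.lower() == name), None)

def _tags(value: str) -> dict:
    return dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())

def _signature_base(headers, signed, dkim_value: str) -> bytes:
    """Signed headers in h= order, then the DKIM-Signature header itself with
    its b= value emptied and no trailing CRLF (RFC 6376, section 3.7)."""
    base = "".join(canon_header(n, _find(headers, n))
                   for n in signed if _find(headers, n) is not None)
    no_b = "; ".join("b=" if t.strip().startswith("b=") else t.strip()
                     for t in dkim_value.split(";"))
    return (base + canon_header("DKIM-Signature", no_b).rstrip("\r\n")).encode()

def dkim_sign(headers, body, domain, selector, signed=("from", "to", "subject")):
    """Sender side: return the DKIM-Signature header value to add to the message."""
    bh = base64.b64encode(hashlib.sha256(canon_body(body)).digest()).decode()
    value = (f"v=1; a=rsa-sha256; c=relaxed/simple; d={domain}; s={selector}; "
             f"h={':'.join(signed)}; bh={bh}; b=")
    digest = hashlib.sha256(_signature_base(headers, signed, value)).digest()
    return value + base64.b64encode(rsa_sign(digest)).decode()

def dkim_verify(headers, body):
    """Recipient side: return (passed, reason). Assumes a=rsa-sha256, c=relaxed/simple."""
    sig = _find(headers, "dkim-signature")
    if sig is None:
        return False, "no DKIM-Signature header"
    t = _tags(sig)
    record = DNS_TXT.get(f"{t['s']}._domainkey.{t['d']}")   # the DNS lookup
    if record is None:
        return False, "no DKIM record for this selector and domain"
    n = int.from_bytes(base64.b64decode(_tags(record)["p"]), "big")
    bh = base64.b64encode(hashlib.sha256(canon_body(body)).digest()).decode()
    if bh != t["bh"]:
        return False, "body hash mismatch: body was modified"
    digest = hashlib.sha256(_signature_base(headers, t["h"].split(":"), sig)).digest()
    if not rsa_verify(n, digest, base64.b64decode(t["b"])):
        return False, "bad signature: a signed header was modified or wrong key"
    return True, "pass"

HEADERS = [("From", "Alice <alice@example.com>"), ("To", "bob@example.net"),   # constructed
           ("Subject", "Invoice  42"), ("X-Mailer", "demo")]
BODY = "Please find the invoice attached.\n\n\n"

def demo() -> dict:
    publish_key("example.com", "20240131-demo")
    sig = dkim_sign(HEADERS, BODY, "example.com", "20240131-demo")
    msg = HEADERS + [("DKIM-Signature", sig)]
    new_subject = [(n, "Urgent: " + v if n == "Subject" else v) for n, v in msg]
    new_mailer = [(n, "other" if n == "X-Mailer" else v) for n, v in msg]
    return {"intact": dkim_verify(msg, BODY),
            "body_changed": dkim_verify(msg, BODY + "Pay to the new account below.\n"),
            "subject_changed": dkim_verify(new_subject, BODY),
            "unsigned_header_changed": dkim_verify(new_mailer, BODY)}
```

Calling `demo()` returns four results: the intact message passes; a modified body fails on the body hash before any signature arithmetic is done; a modified Subject fails the signature check; and a change to X-Mailer, which is not listed in h=, still passes. That last case is the practical lesson: the headers a phisher would want to change (From, Subject, Date, Message-ID and the like) must be included in h=, otherwise the signature does not protect them. For real mail use a maintained implementation such as OpenDKIM or dkimpy, which also handle DER-encoded keys, folded headers and the other canonicalization rules this sketch omits.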
What advantages does DKIM offer?
Using DKIM enhances e-mail security: the recipient can be sure that nobody has tampered with the signed content, and that the e-mail was really signed on behalf of the domain named in the signature. From the sender’s viewpoint, this reduces the risk of phishing attacks being carried out in their name. Correct DKIM configuration also reduces the probability of e-mails unintentionally ending up in the recipient’s spam folder. Note that DKIM on its own does not require the signing domain to match the visible From: address; that alignment check is what DMARC adds, which is why the three mechanisms are deployed together. Overall, DKIM helps increase the security and authenticity of e-mails, and some providers (e.g. Google, Yahoo) already require it when sending e-mails in bulk.
How is a DKIM record structured?
A DKIM record has the following structure:
20240131-rsa1024-9160ac53._domainkey.ihre-eigene-domain.ch 300 IN TXT "v=DKIM1; k=rsa; h=sha256; p=MIGf.....DAQAB"
Element | Example | Explanation |
---|---|---|
Name | 20240131-rsa1024-9160ac53._domainkey.ihre-eigene-domain.ch | The name follows the pattern [selector]._domainkey.[domain]. The selector (here the value Hostpoint generated for this example, 20240131-rsa1024-9160ac53) identifies one key among several, so a domain can publish a new key next to the old one during a key change. |
TTL | 300 | Time to live: the number of seconds a resolver may cache the record before asking again. |
Class | IN | Internet |
Type | TXT | DKIM information is stored in a text record. |
Value | "v=DKIM1; k=rsa; h=sha256; p=MIGf.....DAQAB" | v=DKIM1: record version. k=rsa: key type. h=sha256: hash algorithms this key may be used with. p=: the public key, Base64-encoded (shortened here). An empty p= value means the key has been revoked. |
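As an added example (not from the page), a small checker that does with the Value column what a verifier does before it can use the key: split the tag list, check the tags with fixed meanings, and read the RSA key size out of the Base64 p= value by walking the DER-encoded SubjectPublicKeyInfo structure. The p= values it is tested against are produced by `fake_p_value()` from an arbitrary number, so they have the real structure but are not real keys; `RSA_OID`, `check_dkim_record` and the other names are this example's own.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")       # OID 1.2.840.113549.1.1.1 rsaEncryption

def _der(buf: bytes, pos: int = 0):
    """Read one DER tag-length-value at pos; return (tag, content, position after it)."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:                                   # long-form length
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + ln], pos + ln

def rsa_modulus_bits(spki: bytes) -> int:
    """SubjectPublicKeyInfo -> AlgorithmIdentifier, BIT STRING -> RSAPublicKey -> n."""
    tag, body, _ = _der(spki)
    if tag != 0x30:
        raise ValueError("p= is not a DER SEQUENCE")
    _, alg, after_alg = _der(body)                  # AlgorithmIdentifier
    _, oid, _ = _der(alg)
    if oid != RSA_OID:
        raise ValueError("p= is not an rsaEncryption key")
    _, bitstr, _ = _der(body, after_alg)            # BIT STRING holding RSAPublicKey
    _, rsapub, _ = _der(bitstr[1:])                 # skip the unused-bits byte
    _, modulus, _ = _der(rsapub)                    # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(txt: str) -> dict:
    """Parse a DKIM TXT value; return the key size in bits and a list of problems."""
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if t.strip())
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":           # v= is optional, defaults to DKIM1
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":               # k= is optional, defaults to rsa
        problems.append(f"k={tags['k']}: this checker only handles RSA keys")
        return {"bits": 0, "problems": problems}
    p = "".join(tags.get("p", "").split())          # long keys arrive as several quoted strings
    if not p:
        problems.append("p= is empty: key revoked, every signature using this selector fails")
        return {"bits": 0, "problems": problems}
    bits = rsa_modulus_bits(base64.b64decode(p))
    if bits < 1024:
        problems.append(f"{bits}-bit key: below the 1024-bit minimum, verifiers reject it")
    elif bits < 2048:
        problems.append(f"{bits}-bit key: RFC 8301 recommends at least 2048 bits")
    return {"bits": bits, "problems": problems}

# Constructed test input: a structurally correct SPKI around an arbitrary modulus.
# It is NOT a real key (n is not a product of two primes); it only exercises the parser.
def _tlv(tag: int, content: bytes) -> bytes:
    ln = len(content)
    if ln < 0x80:
        return bytes([tag, ln]) + content
    lb = ln.to_bytes((ln.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _der_int(v: int) -> bytes:
    b = v.to_bytes((v.bit_length() + 7) // 8, "big")
    return _tlv(0x02, b"\x00" + b if b[0] & 0x80 else b)   # leading 00 keeps it positive

def fake_p_value(bits: int) -> str:
    """Base64 SubjectPublicKeyInfo for a made-up modulus of the given size."""
    n = (1 << (bits - 1)) | 0x1234567
    rsapub = _tlv(0x30, _der_int(n) + _der_int(65537))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + b"\x05\x00")        # rsaEncryption, NULL params
    return base64.b64encode(_tlv(0x30, alg + _tlv(0x03, b"\x00" + rsapub))).decode()
```

Two things worth knowing about the output. First, a 1024-bit key's p= value starts with "MIGf" (as in the Hostpoint example above, whose selector also says rsa1024) and a 2048-bit key's with "MIIBIjAN", so the key size can often be read off by eye; the checker flags 1024-bit keys because RFC 8301 says signers should use at least 2048 bits. Second, a 2048-bit key's p= value is 392 Base64 characters, more than fits in one 255-byte TXT string, so DNS tools show the record as several quoted strings; the checker joins the pieces before decoding, and a verifier does the same.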