What is DKIM, and Why Should I Use it?

Learn on how to use DKIM to fight spammer, and why use DKIM


Email spoofing is a big issue these days. Innocent email domains are often used in phishing and spam attacks. This can lead to those domains being blacklisted as spammers.

However, there is a technique that can be used to authenticate that the email coming from that domain is actually authorized by the domain owner. DKIM or DomainKeys Identified Mail, is an email authentication method.

DKIM is an Internet Standard which is defined by the below:

RFC 6376

RFC 8301

RFC 8463

How does DKIM work?

Firstly, the mail server administrator needs to generate a public-private key pair. This can be generated by using a tool such as ssh-keygen on Linux or PuTTYgen on Windows.

Then, the admin needs to create a DKIM TXT record in the DNS using the public key as well as a simple user-defined text string, called a selector.

The final step in the setup is to configure the mail server to use the private key to send out a DKIM signature inside each email sent.

When the recipient mail server or ISP receives the emails, they can verify the authenticity by matching the signature against the public key stored in the DKIM TXT record in the DNS.

For more details on configuring DKIM, see the related article below:

Why should I use DKIM?

DKIM signatures are usually not visible to the end users. They are affixed or verified by the infrastructure rather than the message’s authors and recipients. This means it’s harder to tamper with the signature.

In addition, it can also be used to verify that the content of the email has not changed since the signature was generated. Since the private key is never exposed to the general public, it would be impossible for someone to generate the right DKIM signature that matches the public key.

With this protection against content tampering and having the originating email domain authenticated, mail server admins can rest easy that spam or phishing emails bearing their domain name will not get through to the end users.

When ISPs detect that DKIM is configured for your domain, they will trust that any DKIM authenticated emails are really from you. In other words, your email domain will experience less bounce as more of your emails are able to pass the anti-spam scrutiny by the recipient mail servers. Your domain reputation will increase which will help you with your email marketing efforts.

Last but not least, DKIM is also used as part of another authentication method called DMARC. DMARC which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol.

To learn more about configuring DMARC, read the below page:


DKIM is a powerful tool in the mail server administrator’s arsenal to help combat spammers abusing your email domains for illegal purposes. Email domain reputation is vital these days to prevent being blacklisted and as such must be protected as much as possible. Your emails will NOT get through to your audience. Your ROI will suffer if your customers never see your marketing materials.

Configure DKIM today, if you haven’t done so. Ensure the peace of mind that comes from knowing that your emails cannot be tampered with or forged. To fully protect your domain, consider using DKIM and DMARC together for the best possible protection.

Was this article helpful?

Related Articles