DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is an email validation system designed to prevent email spoofing. By adding a digital signature to an email’s headers, DKIM lets the receiver verify that the message originates from its declared domain and was not altered during transmission. This article gives basic information about DKIM records.

The Mechanism of DKIM

When an email is sent from a domain that implements DKIM, the outgoing server automatically adds a digital signature to the email’s headers. The signature is computed over a hash of the email’s content using a private key known only to the sender.

Upon receiving the email, the incoming mail server verifies the signature. It retrieves the sender’s public key from the domain’s DNS records and uses it to decode the hash value embedded in the email header. The server also computes a new hash value from the received message. If the two hash values match, the email was not modified in transit and it originated from the declared domain.

DKIM Record

The DKIM record is a DNS TXT record that contains the public key. This key is used by the incoming server to decode the DKIM signature. Typically, the name (or location) of this record adopts a format such as selector._domainkey.yourdomain.com. The selector is a string chosen by the domain owner, allowing for multiple keys to be associated with a single domain. DKIM record example:

Name: default._domainkey.yourdomain.com
Type: TXT
TTL: 3600
Value: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;

Syntax descriptions

Tag      Description
k=rsa    This indicates the key type. RSA is a commonly used public-key algorithm.
p=       This is the public key that will be used by the recipient server to verify the DKIM signature.
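
The record format described above can be checked mechanically before it is published. The following Python code is an added example, not code from the original article or from any email provider: it builds the record name, parses the k= and p= tags, and reads the RSA key size out of the p= value. The function names and the 2048-bit min_bits threshold are assumptions of this example.

```python
import base64

# The Value field of the example record shown on this page.
PAGE_RECORD = "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;"

def dkim_record_name(selector, domain):
    """DNS name the receiving server queries: selector._domainkey.domain"""
    return f"{selector}._domainkey.{domain}"

def parse_dkim_record(txt):
    """Split 'k=rsa; p=...;' into a tag dict, dropping whitespace inside values."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def _read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(p_value):
    """Decode p= (base64 DER SubjectPublicKeyInfo) and return the modulus size."""
    der = base64.b64decode(p_value, validate=True)
    _, spki, _ = _read_tlv(der, 0)         # outer SEQUENCE
    _, _, pos = _read_tlv(spki, 0)         # AlgorithmIdentifier, skipped
    _, bitstr, _ = _read_tlv(spki, pos)    # BIT STRING wrapping the RSA key
    _, rsa_seq, _ = _read_tlv(bitstr, 1)   # skip the unused-bits byte
    _, modulus, _ = _read_tlv(rsa_seq, 0)  # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def check_record(txt, min_bits=2048):
    """Report whether the record has a usable RSA key (min_bits is assumed here)."""
    tags = parse_dkim_record(txt)
    if tags.get("k", "rsa") != "rsa":
        return {"ok": False, "reason": "key type not handled by this example"}
    if not tags.get("p"):
        return {"ok": False, "reason": "empty or missing p= tag"}
    bits = rsa_key_bits(tags["p"])
    ok = bits >= min_bits
    return {"ok": ok, "bits": bits, "reason": "ok" if ok else "RSA key below min_bits"}
```

Run against the example record above, check_record reports a 1024-bit key, which falls below this example's 2048-bit threshold.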

To add the DKIM record, consult your SMTP email provider to get the DNS record name, the key type, and the public key value.
