DKIM (DomainKeys Identified Mail)

An email authentication method that adds a digital signature to verify message authenticity.

DKIM adds a cryptographic signature to your outgoing emails. Receiving servers can verify this signature to confirm the email wasn't modified in transit and came from an authorized sender.

How DKIM Works:

  1. Your email server has a private key
  2. Each outgoing email is signed with this key
  3. The signature is added as an email header
  4. You publish the public key in DNS
  5. Receiving servers verify the signature

DKIM Record Structure:

Type: TXT
Host: selector._domainkey
Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqh...

Key Components:

  • Selector: An identifier (like "google" or "s1") that takes the place of "selector" in the host name
  • v=DKIM1: Version identifier
  • k=rsa: Key type (RSA is standard)
  • p=: The actual public key
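
The record fields above can be checked mechanically. The Python below is an added example, not code from the original page or from any DKIM library: it parses a record value, reads the RSA modulus size out of p=, and flags empty or short keys against the key-size limits in RFC 8301. It assumes p= holds a SubjectPublicKeyInfo blob (which the MIIBIjANBgkqh... prefix shown above indicates); the function names, finding codes and dummy sample key are made up for illustration.

```python
import base64

def parse_dkim_record(txt):
    """Split a DKIM TXT value into tag=value pairs (folding whitespace removed)."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_key_bits(p_b64):
    """Modulus size of an RSA key stored as SubjectPublicKeyInfo in p=."""
    der = base64.b64decode(p_b64)
    spki, _ = _tlv(der, 0)            # outer SEQUENCE
    _, alg_end = _tlv(der, spki)      # AlgorithmIdentifier (rsaEncryption)
    bitstr, _ = _tlv(der, alg_end)    # BIT STRING wrapping the key
    key, _ = _tlv(der, bitstr + 1)    # RSAPublicKey, after the unused-bits byte
    start, end = _tlv(der, key)       # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def audit_dkim_record(txt):
    """Return finding codes for one published DKIM key record."""
    tags = parse_dkim_record(txt)
    findings = [] if tags.get("v", "DKIM1") == "DKIM1" else ["bad-version"]
    if not tags.get("p"):
        findings.append("no-key")  # an empty p= marks a revoked key
    elif tags.get("k", "rsa") == "rsa":
        size = rsa_key_bits(tags["p"])
        if size < 1024:
            findings.append(f"rsa-{size}-rejected")  # RFC 8301: verifiers refuse < 1024 bits
        elif size < 2048:
            findings.append(f"rsa-{size}-weak")  # RFC 8301 recommends >= 2048 bits
    return findings

def _der(tag, body):  # DER encoder, used only to build the constructed sample
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def constructed_record(bits):
    """Constructed sample record: SPKI-shaped blob with a dummy modulus, not a real key."""
    rsa = _der(0x30, _der(0x02, b"\x00" + b"\xff" * (bits // 8)) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + rsa))).decode()
```

To check a published key, pass audit_dkim_record the TXT value returned for the selector._domainkey host of your domain.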

Setting Up DKIM:

Google Workspace:

  1. Admin Console → Apps → Gmail → Authenticate email
  2. Generate DKIM key
  3. Add the provided TXT record to DNS
  4. Start authentication

Microsoft 365:

  1. Microsoft 365 Defender → Policies → DKIM
  2. Select domain
  3. Add the CNAME records provided
  4. Enable DKIM signing

Why It Matters

DKIM lets receiving servers confirm that your emails were signed by your domain and arrived unmodified. Without it, your emails are more likely to land in spam folders or be rejected entirely. It's a critical component of email deliverability.

Practical Example

When Google Workspace sends email from your domain, it adds a DKIM signature. Gmail's servers can verify this signature by checking your DNS, confirming the email is really from you.