DKIM

DKIM stands for DomainKeys Identified Mail. It is an authentication method that aids in the prevention of spam emails, domain spoofing and phishing scams. It protects both email senders and recipients by adding an encrypted signature to the header of the email. Recipients can verify that the email came from the organisation that claims to be the sender by checking the email’s DKIM signature against the one registered to the genuine sender.

DKIM employs a technique known as ‘public key cryptography’ to ensure that an email message was sent from an approved mail server. This public key technique prevents spam and phishing emails by verifying the identity of the sender.

SMTP (Simple Mail Transfer Protocol), the standard protocol used to send emails, does not have any built-in method for authenticating the identity of the sender. Augmenting SMTP with DKIM helps to increase the overall security of your email communications.

DKIM works by adding a digital signature to the header of an email message. That signature can be validated against a public cryptographic key in the organisation’s Domain Name System (DNS) records. In general terms, the process works like this:

• The owner of a domain adds a public key to their domain’s DNS records.
• When an email is sent from that domain, a DKIM signature is added to the message’s header.
• The recipient’s mail server looks up the sender’s public DKIM key by checking the associated DNS record. If they match, the email is deemed to be genuine, and its delivery is permitted.

If you’re a company that sends commercial emails, you should absolutely use a reliable method to authenticate your identity. Properly configuring your email authentication and securing your ingoing and outgoing email is not as simple as just implementing a DKIM key though. To be fully secure, you should also implement a sender policy framework  and domain-based message authentication reporting and conformance. Carden IT Services can assist with all aspects of your email security.