DKIM (DomainKeys Identified Mail) is an email authentication method that uses a digital signature (the DKIM signature) to verify that an email was sent and authorized by the owner of a domain.
A DKIM signature is a header field, generated with the signing domain's private key, that is added to the email message.
The recipient mail server verifies the DKIM signature to ensure that the email is properly signed and that nobody modified the body of the message or its attachments.
The DKIM signature validation is almost always done at the server level, which means end users don’t see the process. The DKIM identifier is independent of any other header elements (such as the From field).
Two existing specs, DomainKeys (invented by Yahoo) and Identified Internet Mail (developed by Cisco) in 2004, were merged to create the DKIM standard.
It became a widely adopted authentication standard, and it was registered as an RFC (Request for Comments) by the IETF (Internet Engineering Task Force).
All significant email providers (Google Workspace, Microsoft 365, and Yahoo) check incoming messages for DKIM signatures.
How does DKIM work?
The MTA (Mail Transfer Agent) creates the DKIM signature by generating a unique hash value string for the message and signing it with the private key of the domain listed in the signature.
Once the email is received, the receiving mail server uses a public key registered in that domain's DNS to verify the DKIM signature.
The mail server uses the public key to recover the hash value from the signature in the header, and then compares it to the hash value it computes from the email it received.
If the two hash values match, it's likely that nobody altered the email, which confirms that it's legitimate (sent from the original domain).
How to add DKIM records to your domain
If you’re hosting your domain, log in to your hosting control panel.
In our example, we’re using the cPanel control panel.
When logged into cPanel, click on Email Deliverability under the Email section:
Click Manage next to your domain:
Copy the values for your DKIM record. This is our example DKIM record:
Head back to the cPanel’s main page and click Zone Editor under the Domains section:
Click Manage next to your domain:
Next, click Add Record on the right-hand side, and select Add “TXT” Record from the dropdown:
Fill in the copied name under the Name column, and paste the entry from the DKIM value column under the Record column:
Click Add Record to save changes.
You’ve successfully added DKIM to your domain’s DNS zone!