DKIM (DomainKeys Identified Mail)

DKIM (DomainKeys Identified Mail) is an authentication method that adds a cryptographic signature to each email so receivers can verify it truly came from your domain and was not altered in transit.

In depth

The sending server signs selected headers and the body with a private key. The matching public key is published in DNS under a selector. The receiving server fetches that key, recomputes the signature and confirms the message is intact and authorized. Unlike SPF, DKIM survives forwarding, because the signature travels with the message rather than depending on the connecting IP.

Example

An email carries a DKIM-Signature header with d=example.com; s=mail1; the receiver reads the key from mail1._domainkey.example.com to validate it.

Related terms

See our full email marketing glossary or the complete email marketing guide.