What Is DomainKeys Identified Mail (DKIM)? And How to Improve Secure Email Deliverability and Prevent Spam

DomainKeys Identified Mail (DKIM) is an email security standard that protects your domain name from email spoofing, ensures emails aren't altered during transit, and prevents outgoing emails from getting marked as spam. DKIM attaches a digital signature to the email and provides a key for destination servers to authenticate the signature.

The DKIM authentication method proves the legitimacy of an email and improves the chances of protecting your domain name from harmful impersonations.

DKIM creates and attaches a digital signature to every outgoing email, which receiving servers use to verify that the message is authentic and hasn’t been altered in transit.

But how can servers confirm the signature is legitimate and not a forgery? The answer is by using cryptography keys. DKIM generates two keys: a private key and a public key.

• The private key is kept on the outgoing email server and provides a signature for outgoing emails.

• The public key is kept on the DNS server, and Internet Service Providers (ISPs) can access it when they receive a DKIM-signed email.

• If the keys match, the email is considered authentic and is delivered to the inbox.

The DKIM authentication method benefits both senders and recipients. Senders can ensure their emails are delivered, while recipients worry less about receiving spoofed emails or other types of spam.

DKIM is important because it prevents email spoofing and ensures message integrity by confirming the content hasn’t been altered in transit. Since spoofing relies on a forged sender address to trick a recipient into thinking the email is legitimate, DKIM can verify the sender's identity.

Email servers can check the DKIM signature to determine if an organization actually sent the email. This verification process lowers the chances of emails getting marked as spam or getting blocked entirely. By adding an email authentication process like DKIM, organizations may see an improvement in email deliverability.

Senders like DKIM because it helps ensure emails are delivered to a recipient's inbox. Recipients like DKIM because it helps keep spam and malicious emails out of their inboxes.

While DKIM helps verify that an email hasn’t been tampered with, it can’t detect compromised accounts or social engineering—areas where behavioral analysis platforms like Abnormal provide critical insight.

A selector is a value within the DKIM signature that points to the location of a public key within the DNS. This allows an email server to authenticate an incoming email by matching it with the correct key. Since domains may have multiple public keys, the selector value ensures recipients find the correct key that matches their DKIM-signed email.

Here is an example of what a DKIM signature looks like:

DKIM-Signature: v=1; a=rsa; c=relaxed/simple; d=sampledomain.com; s=selector; i=support@sampledomain.com

This example contains the following parts:

• v=1: DKIM version used by the outgoing email server

• a=rsa: Algorithm used to generate hash for the private and public keys

• c=relaxed/relaxed: Sets the canonicalization posture for the sending domain

• d=: Email domain of the sender

• s=: Selector value to find the right public key for authentication

• i=: Identity of the sender

A DKIM signature will also include information on the headers included within the message, the value of the body hash generated, and the cryptographic signature.

DKIM is one of three standard email authentication methods. These methods help protect against spoofing and phishing attacks and can also prevent authentic emails from your organization from being marked as spam.

Here is a brief overview of each email authentication method:

• DKIM: Adds a digital signature to outgoing messages whose authenticity is proven with a cryptography key

• Sender Policy Framework (SPF): Identifies servers that are authorized to send messages using the domain name

• Domain-Based Message Authentication, Reporting, and Conformance (DMARC): Sets up a process on what to do with emails if they don't pass DKIM or SPF authentication

SPF, DKIM, and DMARC work together to authenticate and deliver emails. An organization should have all three standard email authentication methods in place but many don't implement these tools. This could become a costly mistake because it increases the risk of employees receiving spoofed emails and phishing scams.

While DKIM is essential to email authentication security, it can only protect so much alone. That's why it's also important to implement SPF and DMARC authentication methods. These tools work together to create a multi-layered approach to validating the authenticity of emails.

Organizations shouldn't rely on built-in security from their email provider. Often, email providers lack the advanced security protocols needed to protect inboxes against modern email threats.

Abnormal uses modern technology to combat the ever-evolving landscape of cybercrimes. It uses behavioral analysis and contextual language clues to detect phishing and other cyberattacks. Our technology can:

• Integrate with the cloud

• Automatically remediate suspicious emails

• Spot suspicious login behavior

• Detect unusual financial requests

• Notice manufactured urgency

Ready to see how Abnormal stops spoofed emails before they reach your users? Request a personalized demo today.