What is DKIM?
DMARC Advisor
In this article, we answer the burning ‘What is DKIM’-question. We also explain how DKIM works and talk about the importance of authenticating emails with this domain key. Lastly, we advise about the best form of email security.
What is DKIM?
DKIM is an email authentication method
DKIM stands for ‘DomainKeys Identified Mail’. It came into being in 2004, when Yahoo’s ‘Enhanced DomainKeys’ and Cisco’s ‘Identified Internet Mail’ combined forces, and it quickly became a much-used standard. Cisco proposed Identified Internet Mail as a signature-based mail authentication standard. Yahoo designed DomainKeys to verify the DNS domain of an email sender and the message’s integrity.
Difference between DKIM and SPF
Where SPF verifies the sender of an email, DKIM authenticates the message itself. It tells receiving servers that a message coming from a sending domain must carry a signature that matches the public key saved in a DKIM record in the DNS of that sending domain. So yes, you could say that DKIM works as the digital signature of your email.
Simple Explanation of DKIM and Email
The best way to show the difference between the two standards is the example of a mailman. Imagine receiving a letter: a mailman is a person authorized to deliver the letter to you (SPF). When you receive the letter, it is – hopefully – still sealed or unopened (DKIM). Sometimes the mailman is not authorized (forwarding). But since the letter still has a seal, you can be sure that the content of the letter is still original and has not been tampered with.
How does DKIM work?
DKIM uses cryptographic keys to generate and verify digital signatures
DKIM automatically adds a so-called signature header to every outgoing email. Basically, that’s a piece of code that works like a seal. This header contains a signature created with the private key, and a selector. The private key itself stays secret with the sender. The public key of the domain can be found within the DKIM record, in the DNS.
DKIM selectors tell the recipient’s server exactly where to find the public key in the DNS of your domain. With this information, their server does a lookup and checks whether the signature, made with your private key, matches your public key. When they match, the email arrives in the intended inbox. If they do not, the message goes straight to the spam folder or bounces.
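The receiver's side of the seal, as an added example that is not code from DMARC Advisor: it reads the selector and domain from a DKIM-Signature header, builds the DNS name where the public key is looked up, and re-checks the body hash (bh=) that the signer put in the header. The domain, selector and message are constructed sample values, and the b= signature itself, which needs the public key from DNS, is not verified here.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Split a 'tag=value; tag=value' list as used in the DKIM-Signature header."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def key_record_name(sig):
    """DNS name of the DKIM record: <selector>._domainkey.<domain>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def canonicalize_body(body, mode):
    """Body canonicalization from RFC 6376 section 3.4: 'simple' or 'relaxed'."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse whitespace runs, strip whitespace at line ends
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body, mode="simple"):
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def body_matches(header_value, body):
    """True if the received body still hashes to the bh= value in the header."""
    sig = parse_tags(header_value)
    c = sig.get("c", "simple/simple")  # c=header/body; body defaults to simple
    mode = c.split("/")[1] if "/" in c else "simple"
    return body_hash(body, mode) == sig["bh"]

# Constructed sample: hypothetical domain and selector, b= is a placeholder.
BODY = b"Hello  Bob,\r\nsee you  at 10.\t\r\n\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2024;\r\n"
          f"\th=from:to:subject; bh={body_hash(BODY, 'relaxed')}; b=PLACEHOLDER")

if __name__ == "__main__":
    print(key_record_name(parse_tags(HEADER)))               # where the key lives
    print(body_matches(HEADER, BODY))                        # untouched body
    print(body_matches(HEADER, BODY.replace(b"10", b"11")))  # altered body
```

A full verifier would go on to fetch the record at that DNS name and verify b= over the signed headers with the published public key; a matching body hash alone proves nothing about who signed.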
Does DKIM work without DMARC?
This is a question we get asked frequently. Yes, DKIM works without DMARC. The function of DMARC is to visualize the outgoing email flows of your sending domains. Without DMARC, data regarding your DKIM-compatible email simply wouldn’t be visible. But that doesn’t mean DKIM doesn’t work.
Do you need DKIM if you have SPF implemented?
This is another question we get asked frequently. And the answer is: it depends. SPF and DKIM are two different email standards, which work best when both are implemented correctly. As we have mentioned earlier, DKIM works as the authentication/seal of a letter, whereas SPF is the authentication of the postman, delivering the letter. So if you are comfortable enough to only implement SPF on your outgoing email – which we do not recommend – that’s completely up to you. At least you are using some sort of email authentication.
We at DMARC Advisor believe, based on our experience, that DKIM is preferable to SPF as an email authentication standard. This is because DKIM survives forwarding, as long as the email itself isn’t altered.
Very important to know: DKIM alone is not enough to protect against spoofing. It verifies that the content of the email has not been altered in transit and that the message was sent by an authorized sender of the domain. It does not verify that the sender’s email address is legitimate or that the sender is authorized to use that email address.
What are the benefits of implementing DKIM?
As always: if you have any further questions about DKIM records or anything connected to DMARC, feel free to contact us.