What is DKIM?

There are three important tools in your e-mail server that are nice to know; DMARC, SPF and DKIM. In this article we will go into a little more detail about what DKIM is and hopefully make you a little more wise on the topic. Even though it's a bit more advanced, it'll help you make your awareness traning even better.

DKIM - what is it?

DKIM stands for DomainKey Identified Mail and is a way of authenticating emails. When it's active in your e-mail, it adds a digital signature to all the e-mails you send - verifying that it's actually you sending the email. The digital signature is invisible to both sender and recipient, but the recipient's DMARC can identify and validate the email from the digital signature.

DKIM, as well as SPF and DMARC, are completely free programs that are either already installed for your e-mail, or you can easily get it. It is an extra layer of security to your e-mail address, so that hopefully you only receive e-mails from people you know, or want e-mails from.

DKIM is a bit more superior to SPF because it can review email forwarding - which SPF cannot.

How does it work?

The digital signature that DKIM generates is created by the MTA (Mail Transfer Agent). It creates a unique string of characters, also called Hash Value. The hash value is stored in a domain - so, after the system receives an email, it can verify the DKIM signature using a public key registered with the DNS (Domain Name System, which is located on an IP-based data network).

The DKIM signature then uses the key to decrypt the hash value in the header (of the email address) - then the hash value of the email received by the system is calculated. There are therefore two DKIM signatures in play. And if the two signatures match, then the MTA also knows that the email has not been modified or altered by a third party.

Therefore the users, i.e. the sender and the recipient, knows that the e-mail has been sent from a legitimate source.

Why should I use DKIM?

There are two areas where DKIM helps you. When you receive an e-mail and when you send an e-mail.

• When you receive an e-mail, the email you get is automatically checked by mail servers. They check if there is a digital signature, which also has to be validated by the tools (DMARC, SPF and DKIM). If the e-mail cannot pass the check from the tools, then it will typically end up in your spam folder.

This is how you are protected from spam and unwanted e-mails - the system knows that there are different characters, domains and text it needs to be aware of, and possibly sort out. Therefore, the risk of phishing attacks is reduced because you have that extra layer of security.

• When you send e-mails, DKIM adds an invisible signature that verifies that it's actually you sending it. This means that the likelihood of your email ending up as spam with the recipient is significantly lower because you have validation with the signature.

In addition, the digital signature also means that your domain can be protected from malicious e-mails and hackers impersonating you.

It is thus an advantage to have DKIM linked to your e-mail because:

• You prohibit changes to your sent emails
• You avoid spam filters
• You stop domain spoofing
• Your email is verified, so recipients know it's actually your domain sending the email.

However, it should be noted that DKIM verifies your domain name and not your domain name. This means that if you leave your computer and someone can access your e-mail and send from it, DKIM cannot not send e-mail because it has verified your domain name. To verify you, you need personal verification, which only you can access.

It's a bit of a mouthful to get your head around e-mail validation and management, but fortunately it's almost just the three tools that should do the job for you. We also have posts on both DMARC and SPF if you'd like to read more about them.