How does DKIM work?

DKIM works by signing specific headers and the message body with a private key stored by your mail system. The recipient retrieves the matching public key from DNS and verifies the signature.

If the signature is valid, it confirms two things:

The domain authorized the message.

The content was not modified.

It is a two part system much like matching a captain’s signature against the official registry at the harbor.