What is DKIM?

DKIM, also known as DomainKeys Identified Mail, is an authentication protocol defined in RFC 6376 that proves a message really came from the domain it claims to come from and that its content was not altered along the way.

It works by attaching a cryptographic signature to the message headers. Receiving servers fetch the sender’s public key from DNS and verify the signature. If everything matches they know the message is authentic.

Think of DKIM as the wax seal of the email world. When the ship arrives at the harbor the seal tells the inspector that the letter has not been opened or tampered with during the journey.