What is RFC 6376 (DKIM)?

RFC 6376 defines DomainKeys Identified Mail (DKIM), an authentication mechanism that allows senders to cryptographically sign messages. Recipients can verify signatures to confirm the message was authorized by the signing domain and was not modified in transit.

The RFC specifies signature format (using the DKIM-Signature header), key publication in DNS, canonicalization algorithms that prepare messages for signing, and verification procedures. It defines which headers should be signed and how to handle signature failures.

DKIM is fundamental to modern email authentication, providing domain level verification that complements SPF's IP based approach. DMARC builds on DKIM signatures to create comprehensive authentication policies.