DKIM Explained

Back to Insights
DKIM Explained

DKIM (DomainKeys Identified Mail) is an email authentication measure to verify that messages were not manipulated on their journey between sender and recipient. Think of a wax seal that’s used to stamp letters – if the seal is broken when the recipient receives the message, its contents are no longer trustworthy. DKIM is a modern version of this security measure, used in email communication.

When one person sends an email to another, the mail can be intercepted and have its details, such as the sender’s name, date or body of the message changed, without the sender or recipient knowing. To prevent this, DKIM will encrypt or sign the message with a code, similar to the one in the image below.

It is impossible to intercept and alter the email without breaking this code and alerting the receiving server that the email is untrustworthy. When emails are delivered and the code, or wax seal, is still intact, the recipient can have full confidence that the message hasn’t been tampered with.

A separate record, called DMARC, determines what then happens to an email that DKIM has identified as untrustworthy. The email can be quarantined, deleted or sent anyway, depending on your DMARC policy.

The Impact of DKIM

  • Verifies the trustworthiness of an email, authenticating emails sent from your domain.
  • Makes an email far less likely to be deleted or sent to a spam folder.
  • Improves the reputability of your domain, which in turn improves deliverability.
  • Stops email marketing metrics being skewed as a result of undelivered emails.

Undelivered email is a big problem that marketers face, with around 20% of commercial emails not reaching the intended inbox. DKIM helps to prevent this by authenticating the emails that are sent out from your domain. DKIM also prevents spoofing and phishing attempts that can harm a company’s reputation and email deliverability.