DomainKeys Identified Mail (DKIM): Improve Secure Email Deliverability and Prevent Spam

DomainKeys Identified Mail (DKIM) is an email security standard that protects your domain name from email spoofing, ensures emails aren't altered during transit, and prevents outgoing emails from getting marked as spam. DKIM attaches a digital signature to the email and provides a key for destination servers to authenticate the signature.

The DKIM authentication method proves the legitimacy of an email and improves the chances of protecting your domain name from harmful impersonations.

How Does DKIM Work?

DKIM creates and attaches a digital signature to every outgoing email. This signature lets the receiving email server verify that the email is authentic.

But how can servers confirm the signature is legitimate and not a forgery? The answer is by using cryptographic keys. DKIM generates two keys: a private key and a public key.

  • The private key is kept on the outgoing email server, and its purpose is to provide a signature to outgoing emails.

  • The public key is kept on the DNS server, and Internet Service Providers (ISPs) can access it when they receive a DKIM-signed email.

  • If the signature verifies against the public key, the email is considered authentic and is delivered to the inbox.

The DKIM authentication method is beneficial for both senders and recipients. Senders can ensure their emails are delivered, while recipients worry less about receiving spoofed emails or other types of spam.

Why Is DKIM Important in Cybersecurity?

With DKIM authentication, organizations can increase email deliverability and reduce email spoofing.

Senders like DKIM because it helps ensure emails are delivered to a recipient's inbox. Recipients like DKIM because it helps keep spam and malicious emails out of their inboxes.

Email servers can check the DKIM signature to determine if an organization actually sent the email. This verification process lowers the chances of emails getting marked as spam or getting blocked entirely. By adding an email authentication process like DKIM, organizations may see an improvement in email deliverability.

Email spoofing is a common phishing attack, and DKIM is notable for helping prevent it. Spoofing relies on a forged sender address to trick a recipient into thinking the email is legitimate, and DKIM counters this by verifying the sender's identity.

What Is a DKIM Record?

A DKIM record is stored in the DNS and consists of a modified TXT record. The TXT record contains the public key used to verify a DKIM-signed email.

What Is a DKIM Selector?

A selector is a value within the DKIM signature that points to the location of a public key within the DNS. This allows an email server to authenticate an incoming email by matching it with the right key. Since domains may have multiple public keys, the selector value ensures recipients find the correct key for their DKIM-signed email.

Here is an example of what a DKIM signature looks like:

DKIM-Signature: v=1; a=rsa; c=relaxed/simple;; s=selector;

This example contains the following parts:

  • v=1: DKIM version used by the outgoing email server

  • a=rsa: Algorithm used to generate the signature with the private key and to verify it with the public key

  • c=relaxed/simple: Sets the canonicalization posture (header/body) for the sending domain

  • d=: Email domain of the sender

  • s=: Selector value to find the right public key for authentication

  • i=: Identity of the sender

A DKIM signature will also include the list of headers covered by the signature, the value of the generated body hash, and the cryptographic signature itself.
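As an added illustration (not code from the original page), the following Python sketch parses a DKIM-Signature value, derives the DNS name the selector points to, and recomputes the body hash under the canonicalization named in c=. The domain example.com, the selector selector1, the message bodies and the b= value are constructed placeholders, and the header uses a=rsa-sha256, one of the algorithm values defined for DKIM. Only the body hash is checked, not the cryptographic signature.

```python
import base64, hashlib, re

# a= values accepted here; rsa-sha1 is left out on purpose (deprecated by RFC 8301).
HASHES = {"rsa-sha256": hashlib.sha256, "ed25519-sha256": hashlib.sha256}

def parse_tags(value):
    """Split a DKIM tag-list ("k=v; k=v") into a dict, rejecting duplicate tags."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # tolerate empty segments such as a trailing ";"
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or name in tags:
            raise ValueError(f"malformed or duplicate tag: {part.strip()!r}")
        tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
    return tags

def key_query_name(tags):
    """DNS name of the TXT record holding the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def canonicalize_body(body, mode):
    """RFC 6376 section 3.4 body canonicalization, "simple" or "relaxed"."""
    if mode == "relaxed":  # collapse runs of spaces/tabs, drop them at line ends
        body = b"\r\n".join(re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
                            for ln in body.split(b"\r\n"))
    while body.endswith(b"\r\n"):  # both modes ignore trailing empty lines
        body = body[:-2]
    return body + b"\r\n" if body or mode == "simple" else body

def body_hash_matches(tags, body):
    """Recompute bh= over the received body (the l= length tag is not handled)."""
    hash_fn = HASHES.get(tags.get("a", ""))
    if hash_fn is None:
        return False  # unknown or deprecated algorithm: treat as a failed check
    body_mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    digest = hash_fn(canonicalize_body(body, body_mode)).digest()
    return base64.b64encode(digest).decode() == tags["bh"]

# Constructed sample: the body as signed, and as received after a relay rewrote whitespace.
SIGNED = b"Hello  team,\r\nInvoice attached. \r\n\r\n"
RECEIVED = b"Hello team,\r\nInvoice attached.\r\n"

def sample_header(body_mode):
    """Constructed header value for example.com / selector1; b= is a placeholder."""
    bh = base64.b64encode(hashlib.sha256(canonicalize_body(SIGNED, body_mode)).digest())
    return (f"v=1; a=rsa-sha256; c=relaxed/{body_mode}; d=example.com; s=selector1;"
            f" h=from:subject; bh={bh.decode()}; b=AAAA")
```

With the relaxed body setting, RECEIVED still matches the hash computed over SIGNED; with the simple setting the same whitespace change makes the check fail, which is a common cause of DKIM failures behind relays that rewrite messages.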

How Does DKIM Work With SPF and DMARC?

DKIM is one of three standard email authentication methods. These methods help protect against spoofing and phishing attacks. They can also help prevent authentic emails from your organization from getting marked as spam.

Here is a brief overview of each email authentication method:

  • DKIM: Adds a digital signature to outgoing messages whose authenticity is proven with a cryptographic key

  • Sender Policy Framework (SPF): Identifies servers that are authorized to send messages using the domain name

  • Domain-Based Message Authentication, Reporting, and Conformance (DMARC): Defines what to do with emails that don't pass DKIM or SPF authentication

SPF, DKIM, and DMARC work together to authenticate and deliver emails. An organization should have all three standard email authentication methods in place, but many don't implement them. This could turn into a costly mistake because it increases the risk of employees receiving spoofed emails and phishing scams.

Traditional Email Security vs. Abnormal Security

While DKIM is an important aspect of email authentication security, it can only protect so much alone. That's why it's important to also implement SPF and DMARC authentication methods. These tools work together to create a multi-layered approach to validating the authenticity of emails.

Organizations shouldn't rely on built-in security from their email provider. Oftentimes, email providers don't have the advanced security protocols needed to protect inboxes against modern email threats.

Abnormal Security uses modern technology to combat the ever-evolving landscape of cybercrimes. It uses behavioral analysis and contextual language clues to detect phishing and other cyberattacks. Our technology can:

  • Integrate with the cloud

  • Automatically remediate suspicious emails

  • Spot suspicious login behavior

  • Detect unusual financial requests

  • Notice manufactured urgency

To learn more about how Abnormal prevents email spoofing, request a demo today.
