DomainKeys Identified Mail, or DKIM, is an email authentication protocol used to prevent domain spoofing. It uses digital signatures to help receiving email servers authenticate emails from your domain and identify if they have been tampered with.
By implementing DKIM on your domain and sending servers, you authenticate all emails sent by authorized senders.
When an email is sent from your domain, your private key is used to create a signature for those emails.The receiving email server then fetches a public encryption key that can be found in the DKIM records on your DNS, and uses it to verify the signature. If the signature is validated and the public and private key pairs match, the email is authenticated.
If an attacker tried to modify the email during transit, this signature would fail to verify. The receiving server would see this as evidence of tampering and mark the email, protecting the end receiver from a potentially malicious email.
DMARC uses both DKIM and SPF authentication to detect spoofing attempts in email.
With PowerDMARC, we help you create and publish your DKIM records on the DNS, making the process much more efficient.