Discover what DKIM is, what it isn’t, and how it combines with other email
What Is DKIM?
DKIM defines a standardized way for those who send email to digitally sign. This allows recipients to confirm with a high degree of assurance who the sender of the email really is, and whether or not the message was altered during transit. It complements SPF, an anti-spam email validation framework, by providing email senders with a way to digitally sign all outgoing email from their domain.
DKIM is broadly supported by the world’s major email box providers, and is one of the two underlying authentication methods incorporated into DMARC.
The Benefits of DKIM
Both SPF and DKIM share an important common attribute — neither of them requires end users to change their behavior. This makes DKIM and SPF much easier to deploy than S/MIME, and as a result they have been widely adopted. DKIM signing is valuable for those who want to authenticate their email.
Why? Because DKIM-signed messages can pass through email forwarding servers with their signatures intact. SPF-based authentication will fail (or ‘break’) during forwarding.
Limitations of DKIM
Alone, SPF and DKIM aren’t complete solutions to email authentication. In fact, their limitations fueled the development of DMARC — the only way for email senders to tell email recipients that emails they are sending are truly from them.
With just DKIM and SPF, there is no way for a recipient system to know how much reliance they should put on email validation and there is no way for email recipients to send feedback to senders. Also, domains that are authenticated are buried deep in the message headers and not easily visible to a typical end user.
The Solution: DMARC
End-to-End Email Authentication
DMARC is a cutting-edge email authentication standard. It acts as an overlay that adds three key elements of feedback — policy, and identity alignment to the already-deployed SPF and DKIM framework.
DMARC bridges the gap between SPF, DKIM, and reliable email authentication by making sure the end user receives the original email after being validated by SPF and DKIM.