DKIM’s Role in Email Security


DKIM stands for DomainKeys Identified Mail. It is an email security standard meant to ensure that a message is not altered while in transit between the sending and the receiving servers. It uses public-key cryptography: the sending server signs an email with a private key as the message leaves it, and the receiving server uses a public key published in the sending domain's DNS to verify the message's origin and to confirm that the message body did not change in transit. Once the receiving server has verified the signature with the public key, the message is considered authentic and passes the DKIM check.

As for the servers themselves, a web hosting service uses servers to store a website's files so that the website is reachable. Web hosting comes in several types, referred to by terms such as "Linux Dedicated Server Hosting", "Windows Shared Web Hosting", "Windows Reseller Hosting" and so on.

Importance of DKIM

DKIM is compatible with existing mail infrastructure and is not a requirement, but emails signed with DKIM look genuine to recipients and are less likely to land in Spam or Junk folders. Spam and phishing campaigns spoof emails from trusted domains, and DKIM is useful here because it makes spoofing emails from domains that use it much harder.

DKIM works together with DMARC (Domain-based Message Authentication, Reporting & Conformance) and SPF (Sender Policy Framework) to create multiple layers of protection for domains that send email. The protocol is entirely optional, and mail servers that do not support DKIM signatures still receive signed messages without difficulty.

It may not be a requirement, but adding a DKIM record to one's DNS (Domain Name System) whenever possible is recommended for authenticating mail from one's domain. Numerous tests have shown that messages are more likely to be delivered when this protocol is used. DKIM has an additional benefit: ISPs (Internet Service Providers) use it to build a domain's reputation over time. As the delivery of one's sent emails improves, so does one's sending reputation with ISPs, which in turn further improves email deliverability.

Having covered the benefits DKIM provides, it is important to be clear about what it does not do. DKIM does not encrypt a message's contents; it only helps ensure that the message has not been altered. After a message is delivered, the DKIM signature remains in the email header, but the message content itself is never encrypted by DKIM.

The Way DKIM Functions

DKIM verifies messages in two steps. The first takes place on the server that sends DKIM-signed emails; the second takes place on the receiving server, which checks the DKIM signatures of incoming messages. A private/public key pair makes the whole process possible. The private key is kept safe and secret. The public key is added to the domain's DNS records so that it is available to the world for verifying the domain's messages. An entity that runs its own mail server can generate this key pair itself; if it uses an email provider that supports DKIM, the provider generates the key pair instead.

The Right Way of Implementing DKIM

Adding DKIM to one's DNS (Domain Name System) is highly recommended, and it is just as important to implement it properly. This requires certain measures: making sure that no key is shared, rotating keys regularly, and keeping key storage distributed and encrypted.

Each entity that sends a distinct mail stream should have its own dedicated DKIM key. If a sender does not share DKIM keys between mail streams, a compromised key can affect only a single stream.

DKIM keys should be changed regularly. Regular key rotation ensures that any compromised key is usable only for a limited time; once it is rotated out and replaced by a new key, the compromised key is useless. In addition, senders must avoid storing private keys in plaintext and must avoid keeping a centralized database of keys. Best practices for PKI (Public Key Infrastructure) security should be followed throughout.
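The two steps described under "The Way DKIM Functions" and the key rotation described just above, shown end to end as an added example (this is not code from the original article and not any mail server's implementation). It uses only Go's standard library. Assumptions: the DNS zone is simulated by an in-memory map keyed by selector instead of a real `<selector>._domainkey.<domain>` lookup; only the message body is hashed and signed, with a simplified "relaxed" canonicalization (real DKIM also signs selected headers and carries a separate `bh=` body hash); `example.com` and the selector names are constructed placeholders. Rotation is modelled the way DKIM itself does it: a new selector gets a fresh key, and the old selector's record is republished with an empty `p=` tag, which verifiers treat as a revoked key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// dnsZone is a constructed stand-in for the sender's DNS zone: selector -> TXT record.
var dnsZone = map[string]string{}

// parseTags splits the "k=v; k=v" tag lists used by both the DNS record and the header.
func parseTags(s string) map[string]string {
	tags := map[string]string{}
	for _, t := range strings.Split(s, ";") {
		if kv := strings.SplitN(strings.TrimSpace(t), "=", 2); len(kv) == 2 {
			tags[kv[0]] = kv[1]
		}
	}
	return tags
}

// newKey generates a key pair and publishes the public half as the selector's record.
func newKey(selector string) (*rsa.PrivateKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	dnsZone[selector] = "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
	return priv, nil
}

// revokeKey publishes an empty p= tag, which DKIM defines as "this key is revoked".
func revokeKey(selector string) { dnsZone[selector] = "v=DKIM1; k=rsa; p=" }

// canonicalize is a simplified "relaxed" body canonicalization: whitespace runs collapsed,
// trailing blank lines dropped, CRLF endings. Harmless reformatting keeps the same hash.
func canonicalize(body string) string {
	lines := strings.Split(strings.ReplaceAll(body, "\r\n", "\n"), "\n")
	for i, l := range lines {
		lines[i] = strings.Join(strings.Fields(l), " ")
	}
	return strings.TrimRight(strings.Join(lines, "\r\n"), "\r\n") + "\r\n"
}

// sign is the sending server's step: hash the canonical body and sign the hash.
func sign(domain, selector, body string, priv *rsa.PrivateKey) (string, error) {
	digest := sha256.Sum256([]byte(canonicalize(body)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("v=1; a=rsa-sha256; d=%s; s=%s; b=%s",
		domain, selector, base64.StdEncoding.EncodeToString(sig)), nil
}

// verify is the receiving server's step: look up the selector's public key in "DNS",
// recompute the body hash and check the signature. Tampering or a revoked key fails.
func verify(header, body string) error {
	tags := parseTags(header)
	p := parseTags(dnsZone[tags["s"]])["p"]
	if p == "" {
		return fmt.Errorf("no usable key for selector %q (missing or revoked)", tags["s"])
	}
	der, err := base64.StdEncoding.DecodeString(p)
	if err != nil {
		return err
	}
	keyAny, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return err
	}
	pub, ok := keyAny.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("selector %q does not hold an RSA key", tags["s"])
	}
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte(canonicalize(body)))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	priv, _ := newKey("sel1")
	hdr, _ := sign("example.com", "sel1", "Your invoice is attached.\r\n", priv)
	fmt.Println("intact:", verify(hdr, "Your invoice is attached.\r\n"))
	fmt.Println("tampered:", verify(hdr, "Your invoice is overdue.\r\n"))
	revokeKey("sel1") // rotation: retire the old selector once a new one is in use
	fmt.Println("retired selector:", verify(hdr, "Your invoice is attached.\r\n"))
}
```

Because the signature names its selector in the `s=` tag, mail signed with the new selector keeps verifying while the old record is emptied, which is why rotation can be done without any downtime for in-flight messages.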
