Email Authentication: Domain Keys Identified Mail (DKIM)
What is it?
Domain Keys Identified Mail (DKIM) is a method used to verify the identity of an email sender in order to prevent email spoofing. Think of it as a unique electronic signature that allows an email recipient to know whether a message that claims to come from you was actually sent by you.
Why is it important?
DKIM is one of a series of tools that email hosts (ie: Google, Microsoft, etc) use to detect email phishing attempts. By signing a message with DKIM, an email host knows for sure that the sender address on an email actually belongs to the owner of that address.
How does it work?
In order to use DKIM, you (or more likely, your email account provider –ie: Google) creates a matching pair of public and private keys that are unique to your account provider. It “signs” each email message you send by attaching a copy of your provider’s private key and it stores your provider’s public key. When a recipient’s mail host receives a message claiming to be from your provider, it asks your mail server for your provider’s public key to see if they match. If so, then the recipient’s mail host knows that the message actually came from your provider (and by extension, you). If not, then it knows that the message is a fake and should be handled according to your email provider’s policy (which could be to reject, quarantine, or flag the message as spam).
How do people use it?
Generally, whether you use DKIM or not is up to your email provider, but if you’re someone who needs to send email to a lot of people via a Customer Relationship Management (CRM) tool like MailChimp, you might be interested in using DKIM (most CRM tools support DKIM, but don’t turn it on by default). By signing a message with DKIM, you ensure that your messages don’t get flagged as spam by your recipients’ email providers.
To set it up, you will need to refer to your CRM service provider’s documentation on the subject. If you have any questions about DKIM, contact Technology Help.