DKIM records, along with SPF and DMARC records, are the most important methods for combating email spoofing. Through these records, mail servers receiving the messages verify the origin of each email and block any forged or malicious messages from unauthorized users.
What is DKIM?
DKIM (DomainKeys Identified Mail) is a method of email authentication that uses digital signatures to verify that an email message was sent by an authorized server and has not been modified during transmission. This ensures the integrity of the message and prevents any spoofing of the sender's address.
What is a DKIM record in the DNS zone file?
A DKIM record is a specially formatted DNS record of type TXT that contains the public key, which the recipient's mail server will use to verify the signature from the email headers and more specifically the DKIM-Signature header.
Such a DNS record has the following syntax:
default._domainkey.webtool.gr TXT "v=DKIM1; k=rsa; p=MIIBIj[...]AQAB;"
In the above record, we have the following declarations:
| VARIABLE | MEANING |
| default | The DKIM selector, which is the unique name of the record |
| _domainkey | Indicates that this is a DKIM record and always follows the selector |
| v= | Version number (currently DKIM1) |
| k= | The type of key (usually rsa) |
| p= | The public key for the signatures |
Both the public and private keys are issued by the email provider sending the emails.
In the web hosting and email hosting plans of our company, DKIM records are added automatically by our systems, so no further configuration is needed unless third-party mail servers/providers are also being used.
