What is DKIM and why you need it

Featured image

Share this article

What is DKIM and why is it important?

What makes an email authentic? First, it really came from the sender it says it came from. Second, its content was not tampered with during transmission.

Visual inspection used to be enough to spot fake emails, but spammers’ methods have grown sophisticated. Display names and email addresses can be spoofed convincingly, along with the message content.

The good news is that there are simple yet effective ways to validate emails and reduce fraud attacks: DKIM, SPF, and DMARC. The bad news is that not many organizations include these in their email security strategy.  Let’s try to change that by discussing DKIM in detail.

What is DKIM and how does it work?

By definition, DomainKeys Identified Mail (DKIM) is a method that authenticates emails through a pair of cryptographic keys – a public key published in a Domain Name System TXT record and a private key encrypted in a signature affixed to outgoing messages. Both keys are generated by the domain owner.

After a message is received, the destination server extracts the signature and uses the public key from the domain owner to decrypt it. If the signature can be decrypted, the keys are match and the message is validated. Recipients of the message can trust its authenticity.

If it can’t be decrypted, the message is either deleted or sent to the spam folder, depending on the local policies for messages that fail the signature test.

The DKIM signature

Before sending out messages, the domain owner decides which elements to add in the signature; these can be just some parts of the email header (like sender’s information), or most parts of the email header plus the message body.

Once set, the elements should stay unchanged; otherwise, verification will fail.

Next, a mail transfer agent (MTA) generates a hash value, which is a unique character string that represents the signature. The hash value is short enough to be inserted in the header of outgoing messages, and also encrypted by a private key known only to the domain owner.

Importance of DKIM

DKIM discourages spammers from spoofing and protects recipients from phishing attacks. In turn, it improves email deliverability and strengthens stakeholder trust.

Suppose a retail company launches an email campaign about a new product line. Without authentication, messages are either marked as spam or not delivered to intended recipients, causing the company to lose business.

Spammers can take the opportunity to create their own phishing emails based on the campaign, so there’s additional danger of confusing customers.

Some recipients may think the fake messages are real and end up with a malware infection. Though it isn’t the company’s fault, its trustworthiness will still take a hit.

DKIM works best when more organizations use it. Most messages will be authenticated, making it especially hard for spammers to spoof emails.

How Paubox can help

DKIM is a good first step in email authentication, and it can be done using Paubox Email Suite Plus.

One of the hundreds of checks Paubox Email Suite Plus makes against incoming emails includes validating DKIM, SPF and DMARC records.

But some spammers can still get around the signature test by using valid consumer platforms like Yahoo! and Gmail, so your inbox needs further protection like the advanced threat detection features Paubox Email Suite Plus offers. For example, ExecProtect stops display name spoofing attacks from reaching users.

You can see ExecProtect in action for yourself with a free 14-day trial.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Rick Kuwahara

Rick Kuwahara is COO and Chief Compliancy Officer for Paubox.

Read more by Rick Kuwahara

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022