top of page

What is DKIM?

What is DKIM?

Emails are the workhorses of modern business communication. So, It
imperative that we can guarantee the authenticity and integrity of email communications. Since
email is a distributed system, unfortunately, the authenticity and integrity of email messages are
not guaranteed. DKIM is an email standard that is designed to address these shortcomings.

Benefits of implementing a DKIM protocol

Implementing DKIM, by means of a protocol for DKIM, offers a number of advantages for an organization:

  • The sender's identity can be verified by the recipient

  • It prevents modification of the content of the email (including attachments) during the delivery process

  • It improves the delivery speed of emails to customers. E-mails signed using DKIM are less likely to be placed in the SPAM box.

The authenticity of an email

DKIM is a stronger authentication method than Sender Policy Framework (SPF) , as it survives most forwarding and ensures that nothing happened to the message while it was being sent.


As an owner you don't have to do anything with DKIM. The e-mail administrator does the configuration and the actual signing and validation  is performed by the sending and receiving e-mail servers.

How exactly does it work?

DKIM works by adding a digital signature to your emails. The recipient of your email can verify this signature to ensure that:

  • The email is really from you

  • The content of the e-mail (including its attachments) has not been changed during the e-mail delivery


In many ways, DKIM is the digital equivalent of the wax-sealed letters of the past. A recipient of a wax-sealed letter could use the symbol on the wax to verify the identity of the letter's author. The recipient of a letter signed by DKIM can use the public encryption key for this. This is signed by the sender of the letter, via their DNS (Domain Name System). This way you can check whether the email is actually signed by the alleged author. In the same way, the integrity of the wax seal used to show that the letter had not been tampered with during delivery. The recipient of a letter signed by DKIM can verify that the content of the email and its attachment have not been altered in any way since the email was signed.

A protocol with DKIM cannot prevent email spoofing by itself

In an ideal world, every email would be DKIM signed. In such a world a secure e-mail server could be easily set up: ignore all e-mails that cannot be verified via a DKIM protocol. This would solve the email spoofing problem altogether. Unfortunately, that's not the world we live in. In practice, more than half of all legitimate business emails do not have a third-party DKIM signature, so it cannot be verified whether they are from the alleged author.


When an email server receives an unauthenticated email, it cannot simply be ignored. The receiving party will then not know whether your organisation implements DKIM or not. The DMARC standard has been developed to solve this problem. Organisations using DMARC in this way help receiving email servers to act decisively against unauthorised emails.

Authentication method

DKIM itself is not a technology against spam, but provides a basis for authentication, with which reputation services can be set up, for example.


These services can in turn be used by spam filters.

"78% of people claim to be aware of the risks of unknown links in emails. And yet they click…"

bottom of page