DKIM stands for Domain keys identified mail which is an email authentication technique that generates a digital signature in the header. This digital signature is added within the message or body of the email and is secured with encryption. DKIM helps the receiver to check if an email was indeed sent and was authorized by the owner of the domain.

Once the receiver (or the receiving system) determines if an email is signed with a valid DKIM signature. If an email has a valid DKIM signature, then it is confirmed that the parts of that email such as the message body and attachments have not been modified. DKIM signature is not visible to the end-users and validation is done on the server level.

DKIM signature is generated through MTA (Mail Transfer Agent) using algorithms. One of these algorithms is rsa-sha256. The algorithm generates a unique string of characters which is also known as “Hash Value”. The generated hash value should be stored in the listed domain. When an email message header includes two cryptographic hashes including hashes of specified header and message body (or part of it). The header consists of information related to how the signature was generated. Whenever the inbound mail server receives an email, it looks up the sender’s public DKIM key in the DNS. The inbound server uses the key for decrypting the signature and to compares it with a freshly computed version. If these two values match then it is proven that the message is authentic and unaltered in transit.

Does DKIM help to filter email?

No, it does not. However, the information provided by DKIM helps filters that the receiving domain has set up. If the email comes from a trusted domain and has been verified through DKIM, the email may have its spam score reduced. If an email’s DKIM signature cannot be verified (because the email was either fake or there was another reason), the email will be marked as spam and will either be quarantined or a spam tag will be added to its subject line (for warning recipients that the email is suspicious).

Here is an example of a DomainKeys Identified Mail record:

DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=Selector;c=relaxed/simple; q=dns/txt; t=timestamp; x=Expire time o DKIM;h=from:to:subject:date:keywords:keywords;bh=;b=

• v, version
• a, signing algorithm
• d, domain
• s, selector
• c, canonicalization algorithm(s) for header and body
• q, default query method
• t, signature timestamp
• x, expire time
• h, header fields – list of all those that have been signed
• bh, body hash
• b, the signature of headers and body

KDMARC: THE DKIM RECORD CHECKER

DKIM record serves as an extra layer of security when it is implemented along with DMARC and SPF. It makes sure that emails are secured against any form of spoofing and are delivered without any trouble.

KDMARC analyses the SPF record of your organization and ensures that the report helps experts (present within your organization) to set the record accordingly for your organization. With KDMARC, your organization can stay protected from the sources that are trying to forge your domain names.

KDMARC comes with some of the most innovative and beneficial features like:

1. Dynamic SPF: Elimination and whitelisting of IP addresses
2. Dynamic DKIM: Authenticates and manages multiple source keys
3. Instant changes in policies through dynamic DMARC

With such unparalleled features, you can effectively improve the email domain reputation of your organization. In addition to these features, you get 100% security to prevent email spoofing practices and the misuse of your email domain.