Operated by Zeplik, Inc.
© 2026 Zeplik, Inc. All rights reserved.

Glossary · Defense & Authentication

What Is DKIM?

DomainKeys Identified Mail — an email authentication standard that allows the receiving mail server to verify that an email was actually sent by the domain it claims to be from, using cryptographic digital signatures.


01 DKIM explained.

DKIM adds a digital signature to every outgoing email, like a wax seal on a letter. When your email server sends a message, it creates a unique cryptographic signature based on the email's content and attaches it to the email header. The receiving server uses the sender's published public key to verify the signature.

If the email was modified in transit or sent from an unauthorized server, the DKIM signature won't match, and the receiving server can flag or reject the message. DKIM is a critical defense against email spoofing and phishing.

DKIM works alongside SPF and DMARC to form a comprehensive email authentication framework. Together, these three protocols significantly reduce the ability of attackers to send emails that impersonate legitimate domains.

02 How it works.

01 The sending organization generates a public/private key pair and publishes the public key in their DNS records
02 When sending an email, the server creates a unique signature using the private key and the email's content
03 The signature is added to the email's headers as a DKIM-Signature field
04 The receiving mail server retrieves the sender's public key from DNS and verifies the signature
05 If the signature matches, the email is authenticated as genuinely from that domain
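
The steps above can be followed on a message offline up to the point where DNS is needed. This added example (not IsThisAScam's code) parses a DKIM-Signature header and recomputes the body hash carried in its `bh=` tag, which is how a receiver notices a body modified in transit. It does not verify the RSA signature in `b=`, which requires the public key published at `<selector>._domainkey.<domain>`; the message, domain and selector are constructed placeholders.

```python
import base64
import hashlib
import re
from email import message_from_string

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def canon_body(body, mode):
    """Body canonicalization from RFC 6376: 'simple' or 'relaxed'."""
    lines = body.replace("\r\n", "\n").split("\n")
    if mode == "relaxed":  # collapse whitespace runs, ignore whitespace at line ends
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":  # empty lines at the end of the body are ignored
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")

def body_hash(body, mode):
    """Base64 SHA-256 of the canonicalized body, the value carried in bh=."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def check_body_hash(raw_message):
    """Return (signing domain d=, selector s=, whether the body still matches bh=)."""
    msg = message_from_string(raw_message)
    tags = parse_tags(msg["DKIM-Signature"])
    if tags.get("a") != "rsa-sha256":
        raise ValueError("this example only handles a=rsa-sha256")
    mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    return tags["d"], tags["s"], body_hash(msg.get_payload(), mode) == tags["bh"]

# Constructed sample: domain, selector and b= value are placeholders, not real data.
BODY = "Your invoice is attached.  \nPlease pay by Friday.\n\n"
SIGNED = (
    "From: billing@example.com\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\n"
    " s=sel2026; h=from:subject; bh=" + body_hash(BODY, "relaxed") + "; b=PLACEHOLDER\n"
    "Subject: Invoice\n\n" + BODY
)
TAMPERED = SIGNED.replace("Friday", "today")  # body edited after signing

if __name__ == "__main__":
    print(check_body_hash(SIGNED), check_body_hash(TAMPERED))
```

The returned `d=` value is the domain that signed the message; comparing it with the domain in the From header is the job of DMARC, which is why the three protocols are deployed together.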

03 Real-world example.

IsThisAScam checks DKIM signatures as part of its email authentication layer. When you paste a suspicious email, the tool examines whether the DKIM signature is valid, helping determine if the email was genuinely sent from the claimed domain or was spoofed.

04 How to protect yourself.

01 Organizations should configure DKIM signing for all outgoing email
02 Check for DKIM results in email headers (look for "dkim=pass")
03 Combine DKIM with SPF and DMARC for comprehensive email authentication
04 Use IsThisAScam to verify email authentication status of suspicious messages
05 If an email fails DKIM verification, treat it as suspicious regardless of its content