Your IP is 3.238.112.198 and today is Saturday 18th of May 2024.

IT Granules - DKIM Lookup

What is DKIM?

DKIM, which stands for DomainKeys Identified Mail, is an email authentication method designed to detect email spoofing and ensure the integrity of email messages. It enables the sender of an email to digitally sign the message, allowing the recipient's email server to verify the authenticity of the sender and the message content.

Digital Signature:

DKIM adds a digital signature to the email header using public-key cryptography. The signature is generated based on the content of the email and specific header fields.

Public and Private Keys:

The sending mail server uses a private key to generate the signature, while the recipient's mail server uses the sender's public key to verify the signature.

The public key is openly shared and used by the receiving mail server to verify the DKIM signature on incoming email messages. It is typically included in the sender's DNS records, allowing recipients to access and use it for authentication.

The private key is kept confidential and used by the sending mail server to generate the DKIM signature for outgoing email messages. It must be securely stored and should not be disclosed. Compromising the private key could lead to unauthorized signing of messages.

DNS Record:

The sender publishes a DKIM public key in their domain's DNS records. This public key is used by receiving mail servers to verify the signatures of incoming emails.

Header Fields:

DKIM typically signs specific header fields in the email, ensuring that modifications to these fields can be detected.

Authentication Results:

The DKIM signature, along with other authentication mechanisms such as SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), contributes to the overall authentication of an email. SPF validates the sending server, while DKIM validates the message content.

Preventing Email Forgery:

DKIM helps prevent email forgery by providing a mechanism for email recipients to verify that the email was indeed sent by the claimed sender and that the content has not been tampered with during transit.

Implementation:

DKIM is widely adopted and supported by major email service providers and email servers. Many organizations use DKIM to enhance the security and trustworthiness of their email communications.

Example DKIM signature in an email header:


DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;
    s=selector1; h=from:to:subject:date:...
    bh=base64-encoded-message-body-hash;
    b=encoded-signature