Stands for "DomainKeys Identified Mail." DKIM is an email authentication technology that verifies a message was sent from a legitimate user of an email address. It is designed to prevent email forgery or spoofing.
DKIM works by attaching a digital signature to the header of an email message. The header is generated by the outgoing mail server and is unique to the domain hosted on the server. The receiving mail server can check the header against a public key stored in the sending server's DNS record to confirm the authenticity of the message.
Many popular email services like Gmail, Yahoo! Mail, and Outlook use DKIM by default. Other email accounts, such as those set up on web servers may require DKIM to be manually activated. For example, cPanel – a popular Linux web server application – allows an administrator to activate DKIM in the section of the cPanel interface. Once DKIM is enabled, it is activated for all users automatically.
While DKIM provides a simple way to verify a message has been sent from the corresponding domain, it is not a foolproof solution. For example, the receiving mail server must also support DKIM or the header information will be ignored. Additionally, messages with a valid signature can be forwarded or resent from another email address. It is also important to note that DKIM is designed to authenticate messages, not prevent spam. While a valid DKIM header may mean a message is less likely to be spam, it has no relation to the content of the message.
The DomainKeys Identified Mail specification was created in 2005 when Yahoo! and Cisco merged their respective DomainKeys and Identified Internet Mail into a single solution. It was published by the Internet Engineering Task Force (IETF) the same year and has been in use ever since.
NOTE: DKIM is commonly used along with SPF (Server Policy Framework), though the two verification methods are completely separate.
Updated: January 6, 2017