IronSights

Network & infrastructure

DKIM

An email authentication method that adds a cryptographic digital signature to outgoing emails, allowing receiving mail servers to verify that the message has not been tampered with in transit.

Also known asDKIMDomainKeys Identified Mail

In plain English

DKIM works like a wax seal on a letter. When your email server sends a message, it adds a digital signature created with a private key. The recipient's server checks this signature against a public key published in your DNS records. If the signature matches, the email is genuine and unaltered. If it doesn't match, the email may have been forged or tampered with.

Full definition

DKIM adds a cryptographic signature to every email your domain sends. When a message leaves your mail server, it gets signed using a private key you control. The receiving server looks up the corresponding public key in your DNS and checks whether the signature matches the email's content and headers. If it does, the message is confirmed as genuinely from your domain and unmodified in transit. If the signature is missing or broken, the receiving server can treat the message with suspicion or reject it.

DKIM alone does not stop someone from sending email that claims to be from your domain. That requires and working alongside it. SPF specifies which servers are authorised to send on your behalf; DMARC tells receiving servers what to do when a message fails SPF or DKIM checks. The three records together form an authentication layer that makes significantly harder in attacks targeting your customers or suppliers.

Getting DKIM configured correctly in takes about ten minutes. The key pair is generated in the Microsoft 365 Defender portal, and two CNAME records get added to your DNS. IronSights checks DKIM, SPF, and DMARC alignment as part of every Microsoft 365 security assessment, because impersonation attacks on a business's email domain can cause real damage to suppliers and customers before the business knows it is happening.

Keep learning

More terms in the IronSights Glossary.