What Is a DKIM Record?
A DKIM (DomainKeys Identified Mail) record is a DNS TXT record that contains a public key used to verify that an email truly came from your domain (was not spoofed) and wasn't altered in transit. Your mail system signs each outgoing message using a private key, and receiving servers use the public key in your DKIM record to confirm the signature. This helps prevent spoofing and improves email deliverability.
How DKIM Works
1. Signing (Sender)
Your mail server uses a private key to create a unique digital signature for each outgoing email. This signature is added to the message header.
2. Publishing (DNS)
The matching public key is published in DNS as a TXT record under a selector (e.g., default._domainkey.yourdomain.com).
3. Verification (Receiver)
The receiving server:
- Detects the DKIM-Signature header
- Retrieves the public key from your DNS
- Uses it to confirm the email's signature matches the message content
If everything matches, the message is authenticated.
Key Components
- DNS TXT Record: Stores the DKIM public key in your domain's DNS
- Selector: A label (like default or s1) used to locate the correct key
- Public Key (p=): The key used by receiving servers to verify the signature
Why DKIM Matters
- Prevents spoofing: Helps block attackers from sending fake emails using your domain.
- Improves deliverability: Authenticated mail is more likely to reach the inbox.
- Builds trust: Recipients and mailbox providers can verify that your emails are genuine and tamper-free.