Emails are the foundation of modern business communication. Therefore, it is essential to ensure the authenticity and integrity of email communications. However, since email is a distributed system, there is unfortunately no native guarantee of message authenticity and integrity.
DKIM is an email standard created precisely to address these limitations.


How exactly does it work?
DKIM works by adding a digital signature to your emails. The recipient can verify this signature to ensure that:
- The email was actually sent by you
- The email content (including attachments) was not altered during delivery
In many ways, DKIM is the digital equivalent of the old wax-sealed letters. In the past, the recipient recognized authenticity by the mark on the seal. With DKIM, this verification is done through a public cryptographic key published in the sender’s DNS (Domain Name System).
Thus, it is possible to confirm whether the email was actually signed by the stated author. Likewise, the integrity of the signature ensures that the message content and its attachments have not undergone any modification since they were signed.
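As an added example (not part of the original article), the integrity half of that check in Python using only the standard library: the sender computes the bh= body hash over the canonicalized body and places it in the DKIM-Signature header, and the receiver recomputes it to detect any change to the content. The RSA signature over the headers (b=) is left out, and the domain, selector and message text are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample body (not from the article); CRLF line endings as on the wire.
BODY = "Hello,\r\n\r\nYour invoice is attached.\r\n\r\n\r\n"

def canonicalize_body_simple(body: str) -> bytes:
    """RFC 6376 'simple' body canonicalization: drop trailing empty lines and
    make sure the body ends with exactly one CRLF (an empty body becomes CRLF)."""
    while body.endswith("\r\n\r\n"):
        body = body[:-2]
    if not body.endswith("\r\n"):
        body += "\r\n"
    return body.encode()

def body_hash(body: str) -> str:
    """Value of the bh= tag: base64(SHA-256(canonicalized body)) for a=rsa-sha256."""
    return base64.b64encode(hashlib.sha256(canonicalize_body_simple(body)).digest()).decode()

def build_signature_header(domain: str, selector: str, body: str) -> str:
    """Sender side: the DKIM-Signature value, with bh= filled in.
    The b= tag (RSA signature over the listed headers) is intentionally left empty here."""
    return (f"v=1; a=rsa-sha256; c=simple/simple; d={domain}; s={selector}; "
            f"h=from:to:subject; bh={body_hash(body)}; b=")

def parse_dkim_signature(header_value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs, removing folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def dns_key_name(tags: dict) -> str:
    """Where the receiver fetches the public key: the <selector>._domainkey.<domain> TXT record."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def body_is_intact(header_value: str, body: str) -> bool:
    """Receiver side: recompute bh= from the received body and compare with the signed value."""
    return parse_dkim_signature(header_value).get("bh") == body_hash(body)

if __name__ == "__main__":
    header = build_signature_header("example.com", "sel2024", BODY)
    print("public key record:", dns_key_name(parse_dkim_signature(header)))
    print("original intact:", body_is_intact(header, BODY))
    print("tampered intact:", body_is_intact(header, BODY.replace("invoice", "refund")))
```

Trailing blank lines added by a relaying server do not break the check, but a one-word change to the content does.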
Benefits of implementing the DKIM protocol
The implementation of DKIM offers a series of advantages for an organization:
- The sender’s identity can be verified by the recipient
- Prevents modification of email content (including attachments) during the delivery process
- Improves deliverability to customers: messages signed with DKIM are less likely to be directed to the spam folder


DKIM alone cannot prevent email spoofing
In an ideal scenario, all emails would be signed with DKIM. In that case, it would be easy to configure a secure email server: it would simply be a matter of ignoring all messages that could not be verified by DKIM. This would completely solve the problem of email spoofing.
Unfortunately, this is not the reality. In practice, more than half of legitimate corporate emails carry no third-party DKIM signature, so a receiver cannot verify whether they were actually sent by the claimed author.
When a server receives an unauthenticated email, it cannot simply ignore it. The receiving party does not know whether your organization uses DKIM or not. It was precisely to solve this problem that the DMARC standard was developed.
Organizations that use DMARC allow receiving servers to make firmer decisions about unauthorized emails.
The authenticity of an email
DKIM is a more robust authentication method than SPF (Sender Policy Framework), as it remains valid in most email forwarding scenarios and ensures that nothing in the message was altered during sending.
As the business owner, you do not need to take any technical action regarding DKIM. The configuration is handled by the email administrator, while the signing and validation are performed by the sending and receiving servers.


Authentication method
DKIM, on its own, is not an anti-spam technology, but it provides a solid authentication foundation upon which reputation services can be built.
These services, in turn, can be used by spam filters to further improve email security.
