What is DKIM?
DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify that an email was sent by an authorized server and hasn't been tampered with in transit.
How DKIM Works
When you send an email, your mail server adds a digital signature to the email headers. This signature is created using a private key that only your server knows. The receiving server looks up your domain's DKIM public key (published as a DNS TXT record) and uses it to verify the signature.
If the signature matches, the email passes DKIM authentication — proving the message came from your domain and wasn't modified during delivery.
DKIM DNS Record
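The record name includes a "selector" (like google or s1) that identifies which key pair to use. Because each selector has its own DNS record, a new key can be published under a new selector while the old one stays in place, which allows rotating keys without downtime.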
Why DKIM Matters
DKIM is crucial for email deliverability and security. It helps mailbox providers verify that messages haven't been altered, reduces the chance of your emails landing in spam, and works together with SPF and DMARC to provide comprehensive email authentication.
DKIM + DMARC Alignment
For DMARC to pass using DKIM, the domain in the DKIM signature (the "d=" tag) must align with the domain in the email's visible "From" header. This prevents attackers from using their own DKIM-signed domain to impersonate yours.
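The selector lookup and the alignment rule described above, as an added example (not code from this page): it parses the DKIM-Signature headers of a constructed message, builds the DNS name where each public key would be published, and compares each d= domain with the From domain. It does not verify the signature itself, and it assumes the organizational domain is the last two labels, where real DMARC evaluators use the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: domains, selectors and signature values are made up.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.example.com;
 s=s1; h=from:to:subject; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=
DKIM-Signature: v=1; a=rsa-sha256; d=esp-vendor.example.net; s=google;
 h=from:to:subject; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=
From: Billing <billing@example.com>
To: user@example.org
Subject: Invoice

body
"""

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def org_domain(domain):
    """Assumption: organizational domain = last two labels (no Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_alignment(raw, strict=False):
    """Return the key record name and alignment result for each DKIM-Signature."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        # Strict mode needs an exact match; relaxed mode compares organizational domains.
        same = d == from_domain if strict else org_domain(d) == org_domain(from_domain)
        results.append({"d": d, "key_record": f"{s}._domainkey.{d}",
                        "aligned": bool(d) and same})
    return results

if __name__ == "__main__":
    for result in dkim_alignment(SAMPLE):
        print(result)
```

Alignment only counts for a signature that has also verified cryptographically, so a real evaluator runs this comparison on signatures that already passed.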