DomainKeys Identified Mail

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam.

DKIM allows the receiver to check that an email that claimed to have come from a specific domain was indeed authorized by the owner of that domain.^[1] It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender's public key published in the DNS. A valid signature also guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed.^[2] Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message's authors and recipients.

DKIM is an Internet Standard.^[3] It is defined in RFC 6376, dated September 2011, with updates in RFC 8301 and RFC 8463.

^ Tony Hansen; Dave Crocker; Phillip Hallam-Baker (July 2009). DomainKeys Identified Mail (DKIM) Service Overview. IETF. doi:10.17487/RFC5585. RFC 5585. Retrieved 6 January 2016. Receivers who successfully verify a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behaviors. DKIM does not, itself, prescribe any specific actions by the recipient; rather, it is an enabling technology for services that do.
^ Dave Crocker; Tony Hansen; Murray S. Kucherawy, eds. (September 2011). "Data Integrity". DomainKeys Identified Mail (DKIM) Signatures. IETF. sec. 1.5. doi:10.17487/RFC6376. RFC 6376. Retrieved 6 January 2016. Verifying the signature asserts that the hashed content has not changed since it was signed and asserts nothing else about "protecting" the end-to-end integrity of the message.
^ Crocker, D.; Hansen, T.; Kucherawy, M. (September 2011). "DomainKeys Identified Mail (DKIM) Signatures". RFC Editor. ISSN 2070-1721. Retrieved 30 March 2020.

[:0-1] Tony Hansen; Dave Crocker; Phillip Hallam-Baker (July 2009). DomainKeys Identified Mail (DKIM) Service Overview. IETF. doi:10.17487/RFC5585. RFC 5585. Retrieved 6 January 2016. Receivers who successfully verify a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behaviors. DKIM does not, itself, prescribe any specific actions by the recipient; rather, it is an enabling technology for services that do.

[rfc6376-data_integrity-2] Dave Crocker; Tony Hansen; Murray S. Kucherawy, eds. (September 2011). "Data Integrity". DomainKeys Identified Mail (DKIM) Signatures. IETF. sec. 1.5. doi:10.17487/RFC6376. RFC 6376. Retrieved 6 January 2016. Verifying the signature asserts that the hashed content has not changed since it was signed and asserts nothing else about "protecting" the end-to-end integrity of the message.

[Crocker_Hansen_Kucherawy-3] Crocker, D.; Hansen, T.; Kucherawy, M. (September 2011). "DomainKeys Identified Mail (DKIM) Signatures". RFC Editor. ISSN 2070-1721. Retrieved 30 March 2020.

[1]

[2]

[3]