Mail authentication: DKIM protocol

In a previous article, we explained the importance of using an SPF field in the DNS records of the company’s domain name.

In addition to SPF, it is recommended to use the DKIM email authentication protocol to guarantee the identity of senders and to keep our messages from being treated as unwanted by recipients.

What is a DKIM record?

DomainKeys Identified Mail (DKIM) is an email authentication protocol that allows the receiver of a message to verify unequivocally whether the email was actually sent and authorized by the owner of the sending domain.

This is done with a digital signature based on asymmetric (public key) cryptography (we explained the types of email cryptography and the current state of encryption in a recent article): the sender signs each email, and recipients can verify the signature.

How DKIM works

Put as simply as possible, DKIM adds a dedicated header containing a digital signature to each email. Each time a message is sent, the destination server queries the DNS of the sender's domain and, if the message carries a DKIM signature field, obtains the domain's public key and uses it to decrypt the signature value. It then compares the result with the hash it computes itself from the received message: if these two values coincide, the authenticity of the message is confirmed.
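The check described above, as an added example that is not part of the original article: a receiver recomputes the body hash, looks up the public key under `selector._domainkey.domain`, and compares the value recovered from the signature with its own hash of the signed headers. The toy key (built from two Mersenne primes), the `DNS` dictionary, the `sel1` selector and the sample message are constructed assumptions; canonicalization is `simple/simple` on a message that is already in canonical form.

```python
import base64, hashlib, re

# Constructed toy RSA key from two Mersenne primes: insecure, for this demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SIZE = (N.bit_length() + 7) // 8
# Stand-in for the DNS TXT lookup; a real record carries the key in its p= tag.
DNS = {"sel1._domainkey.example.com": (N, E)}
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 DigestInfo

def encoded_hash(data, size):
    """PKCS#1 v1.5 block that a valid signature over `data` must decrypt to."""
    t = PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (size - len(t) - 3) + b"\x00" + t

def tags(value):
    """Split a DKIM 'tag=value; tag=value' list into a dict."""
    parts = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s", "", v) for k, v in parts}

def b64hash(body):
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def signed_input(headers, dkim_value):
    """Header lines listed in h=, then DKIM-Signature with its b= value emptied."""
    lines = "".join(headers[name] for name in tags(dkim_value)["h"].split(":"))
    unsigned = re.sub(r"(;\s*)b=[^;]*", r"\1b=", dkim_value)
    return (lines + "DKIM-Signature:" + unsigned).encode()

def sign(headers, body):
    """Sender side, present only to produce a sample signature to verify."""
    value = (" v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel1;"
             f" h=From:Subject; bh={b64hash(body)}; b=")
    m = int.from_bytes(encoded_hash(signed_input(headers, value), SIZE), "big")
    return value + base64.b64encode(pow(m, D, N).to_bytes(SIZE, "big")).decode()

def verify(headers, body, dkim_value):
    """Receiver side: body hash first, then the public-key comparison."""
    t = tags(dkim_value)
    if t["bh"] != b64hash(body):
        return False  # body was altered after signing
    n, e = DNS[f"{t['s']}._domainkey.{t['d']}"]  # public key published by the domain
    size = (n.bit_length() + 7) // 8
    recovered = pow(int.from_bytes(base64.b64decode(t["b"]), "big"), e, n)
    return recovered.to_bytes(size, "big") == encoded_hash(signed_input(headers, dkim_value), size)

HEADERS = {"From": "From: alice@example.com\r\n", "Subject": "Subject: Invoice\r\n"}
BODY = b"Please find the invoice attached.\r\n"
SIGNATURE = sign(HEADERS, BODY)
```

Changing the body, a signed header, or the `bh=` value after signing makes `verify` return `False`, because the hash the receiver computes no longer matches the one recovered from the signature.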

DKIM prevents cybercriminals from falsifying their identity.

DKIM is a very useful tool in the fight against phishing because it prevents identity theft by cybercriminals. This is of great benefit to email senders; checking their identity improves the reputation of their domains, resulting in optimized email deliverability.

For organizations sending transactional emails, the deployment of DKIM is an essential element to ensure that their mail reaches its destination. For this reason, Alinto recommends using SPF as well as DKIM with its SMTP Gateway transactional email service, which users can easily configure with the help of our support team.

On the other hand, DKIM also benefits email recipients, not only by sparing them malicious messages, but also by increasing the effectiveness of block and allow lists configured by domain.

However, it should not be forgotten that DKIM is not a tool to fight spam; it allows the recipient to distinguish the legitimate flow of their email, but it does not prevent or identify abuses. To do this, it is necessary to add an anti-spam relay that will also analyze the content of the message.