DKIM stands for DomainKeys Identified Mail. DKIM is designed to detect forged sender addresses in email (i.e. email spoofing), a technique often used in phishing and email spam.
It's one way to authenticate emails, similar to SPF (Sender Policy Framework). While SPF uses IP addresses to authenticate emails, DKIM uses cryptography.
DKIM relies on a pair of cryptographic keys:
- Private key: This is accessible only to the domain’s owner. It is used to create a digital signature that is added to the header of each outgoing email. This signature serves to authenticate your outgoing messages.
- Public key: This is published in the sender’s DNS records. Recipients use the public key to verify the DKIM signature in the message header.
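
The receiving side of the steps above, as an added example that is not code from the original page: it parses a DKIM-Signature header, derives the DNS name where the public key is published, rejects a revoked key record, and checks the body hash. Tag names and canonicalization rules follow RFC 6376; the sample body, the selector `mail2024`, the domain `example.com` and the `b=`/`p=` placeholders are constructed, and the final signature check with the public key is not performed here because it needs a crypto library.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value (wrapped base64) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(sig):
    """DNS name of the TXT record that holds the signer's public key."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def key_usable(txt):
    """An empty or missing p= tag means the key is revoked or the record is invalid."""
    return parse_tags(txt).get("p", "") != ""

def canon_body(body, mode):
    """Body canonicalization, "simple" or "relaxed" (RFC 6376, section 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of spaces/tabs and drop whitespace at the end of each line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash_ok(sig, body):
    """Recompute the body hash and compare it with the bh= tag (l= is not handled)."""
    if sig.get("a") not in ("rsa-sha256", "ed25519-sha256"):
        return False  # rsa-sha1 is no longer acceptable (RFC 8301)
    # c= is "header/body"; the body part defaults to simple when omitted.
    mode = (sig.get("c", "simple/simple").split("/") + ["simple"])[1]
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode() == sig.get("bh")

# Constructed sample body and DKIM-Signature value (b= and p= are placeholders).
SAMPLE_BODY = b"Hi  all,\t\r\nreport attached. \r\n\r\n"
_bh = base64.b64encode(hashlib.sha256(b"Hi all,\r\nreport attached.\r\n").digest()).decode()
SAMPLE_SIG = parse_tags("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
                        f" s=mail2024; h=from:to:subject; bh={_bh};\r\n b=PLACEHOLDER")
SAMPLE_KEY_TXT = "v=DKIM1; k=rsa; p=PLACEHOLDER"
```

A matching body hash only shows that the body agrees with the signature header; the message is authenticated once the `b=` signature over the headers listed in `h=` verifies against the published key.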