Blog

What is DKIM signature


DKIM
Email authentication DomainKeys Identified Mail (DKIM).

Basically, DKIM performs the encryption of the email via private Key and allows the receiver to decrypt it via public Key: if the hash value matches it’s ok, otherwise there is something wrong.

Remember that DKIM signature is something that is chained to a domain. So you have to verify if your email provider performs DKIM signature.

DomainKeys Identified Mail (DKIM) allows a sender to associate a domain name with an email message.

 

HOW IT WORKS

Step 1: keys generation. The hosting email provider generates public and private keys by giving as input a domain name.

The following is an example of public/private-key generated by providing a domain name (e.g.: servermx.com):

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD3/pOlGgOukTnE2a8K0emn3ZQc
qlCPMjVqiGttC9gc5hJOXA0dHbuCYyo2Pp27nCOs/JCiokZS24W7UJADsXYjMUmT
tSsZZSu7A+b/MD3eLM6U9cgRfWvzS0WA1aPvV6qVjBthWusmaqeYjFXnK7XkoItR
C5akXhasectmR8os6QIDAQAB
-----END PUBLIC KEY-----

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQD3/pOlGgOukTnE2a8K0emn3ZQcqlCPMjVqiGttC9gc5hJOXA0d
HbuCYyo2Pp27nCOs/JCiokZS24W7UJADsXYjMUmTtSsZZSu7A+b/MD3eLM6U9cgR
fWvzS0WA1aPvV6qVjBthWusmaqeYjFXnK7XkoItRC5akXhasectmR8os6QIDAQAB
AoGBAO5DC61DOihc5OjI0BEQLnIWQ7fqti1t6r4oxTVmfML/FLVuYTcJGt8h0St+
q2LVl70ahweJ6xCuUmTt+P9jX4B6K9OjTYteXUX6lhZwDO2qNVPyoLba/t2fOLs1
lSh2CCBpr36h6EwkM2AaCWcmIoyqVGqRUIZ8P/FyAjiz9A7lAkEA/fvH+b1wujRI
QyZ74tCRbWJ0axSLxMZAkrpuRTAtrvr3XnlWBdnAATC3lnE56hUPYDbCHk/1JInV
8kCqo8C/3wJBAPn2n3KMjUC64BPV2ZCewK+mvxkfL3760wXdQHUKFVfwFBw1Ijqd
0ZVIbi268Ouji7G4PihiNNOH1IqgB9HtjDcCQQDEKYetKpR7LFA3lOyQJNh9bFJQ
NeExjJFpAhaS14AhKnKOBBbdk+2IvdC9oBvD4JosjH5nHQhQPSkB3tIsgX1vAkBf
F7eo+Fd0XKOKaDyQjBR5vlHM2NRU1k8ZWAaBgAiGn8rGwF/5NLjatedUdl3ZByrJ
vXHIIzQ9lNsCscbH0jsZAkBQArLtQh4I10kkqC9iNymRxNYL9PkcKEFGweajBKa5
tWR9uXQAsOYf4fbqq95mQp12jiiNrKahn7GapLa9BvJ/
-----END RSA PRIVATE KEY-----

Step 2: The owner of the domain "servemx.com" has to put the public-key in a TXT record.

Step 3: The private key is used to sign outbound emails and an additional header (containing the hash of the message and other informations) is added in the outbound message.

See the following picture as an example of header.

When the previous email is received by the destination server, this one retrieves the DKIM header, reads the public key from the domain name, performs the hash with the public key and compares the hash with the header of the incoming email.

If the comparison is succesfully this means that the email is not altered.

BLOG

  • What is DKIM signature

    View
  • How to check DNS propagation?

    View
  • What an email alias address is and when it could be useful

    View
  • How the “catch-all” option works?

    View
  • Email and Web Hosting Separate? Excellent choice.

    View
  • IWANTMYNAME SERVERMX MX DNS Setup

    View
  • Punycode conversion for MX records

    View
  • Free domains, where and how

    View
  • How to set email web client with your domain name

    View
  • What Are MX Records?

    View
  • One common cliché about POP and IMAP

    View
  • Best email hosting comparison 2020

    View

Our contacts