DKIM Simplified
DomainKeys Identified Mail (DKIM), is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages.
A message’s signature may be verified by any (or all) MTAs (mail servers) during transit and by the Mail User Agent (MUA) upon delivery. A verified signature indicates the message was sent by the sending domain and the
message was not altered in transit. A signature that fails verification indicates the message may have been altered during transit or that the sender is fraudulently using the sending domain name. Unsigned messages contain no guarantee about the sending domain or integrity of the message contents.
Service providers may use the success or failure of DKIM signature verification, or the lack of a DKIM signature, to determine subsequent handling of incoming email messages. Possible actions include dropping invalid messages without impact to the final recipient or exposing the results of DKIM verification, or the lack of a signature, directly to the recipient.