DKIM adds a cryptographic signature to emails so recipients can verify messages weren’t altered and were authorized by your domain. Learn how DKIM works and why it matters.
DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify an email’s authenticity. When DKIM is enabled, your sending system signs outgoing messages using a private key, and recipients verify that signature using a public key published in DNS.
This verification helps receiving providers confirm that the email wasn’t altered in transit and that it was sent by an authorized system for your domain. DKIM is a major trust signal for inbox placement and phishing prevention.
To use DKIM, you publish a DKIM TXT record for a selector (for example, selector1._domainkey.yourdomain.com). Keep records current, rotate keys when needed, and ensure every sending platform uses DKIM consistently.