What is DKIM?
There are various tools and techniques available to enhance your email security. In this article, we'll look at DKIM and related systems that help with authenticating emails and protecting against spam and phishing attacks.
What is DKIM, and how does it work?
DKIM stands for DomainKeys Identified Mail. It is a method of email authentication that enables the recipient to verify that the owner of a domain did in fact send an email. DKIM works by attaching a digital signature, created with public-key cryptography, to the email in a header added to the message. This is the DKIM signature.
When the recipient validates the DKIM signature, they confirm that the signed parts of the email (such as the message body and attachments) have not been modified in transit. DKIM signatures are not usually visible to end users; validation happens on the receiving mail server.
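To make the "has the body been modified" check concrete, here is an added example (not code from the article) that implements the body-hash part of DKIM verification: it canonicalizes the body as RFC 6376 describes, hashes it, and compares the result with the bh= tag of the DKIM-Signature header. The message, domain and selector are constructed, and the b= signature over the headers (which needs the signer's public key from DNS) is left as a placeholder.

```python
import base64
import hashlib
import re

# Constructed sample body (not from the article); the bh= tag is computed from it below.
BODY = "Hello,\r\n\r\nPlease find the   quarterly report attached.\r\n\r\n\r\n"

def parse_dkim_tags(value):
    """Split a DKIM-Signature value into tag=value pairs; folding whitespace is dropped."""
    pairs = [p.split("=", 1) for p in value.split(";") if "=" in p]
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def canonicalize_body(body, mode="simple"):
    """Apply the 'simple' or 'relaxed' body canonicalization of RFC 6376 section 3.4."""
    lines = body.replace("\r\n", "\n").split("\n")
    if mode == "relaxed":  # strip trailing WSP per line, collapse inner WSP runs to one space
        lines = [re.sub(r"[ \t]+", " ", ln.rstrip(" \t")) for ln in lines]
    while lines and lines[-1] == "":  # ignore all empty lines at the end of the body
        lines.pop()
    if not lines:  # empty body hashes as a lone CRLF (simple) or as nothing (relaxed)
        return b"\r\n" if mode == "simple" else b""
    return ("\r\n".join(lines) + "\r\n").encode()

def body_hash(body, mode="simple", algo="sha256"):
    """Base64 digest of the canonicalized body: the value a signer puts in bh=."""
    return base64.b64encode(hashlib.new(algo, canonicalize_body(body, mode)).digest()).decode()

def get_header(head, name):
    """Return the unfolded value of the first header called `name` (None if absent)."""
    for line in re.sub(r"\r?\n[ \t]+", " ", head).split("\n"):
        k, _, v = line.partition(":")
        if k.strip().lower() == name.lower():
            return v.strip()

def verify_body_hash(raw):
    """Check the bh= tag only: was the body altered after signing? Verifying the b=
    signature over the headers also needs the signer's public key from DNS (skipped here)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    tags = parse_dkim_tags(get_header(head, "DKIM-Signature") or "")
    body_mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    algo = tags.get("a", "rsa-sha256").partition("-")[2] or "sha256"
    return body_hash(body, body_mode, algo) == tags.get("bh")

def build_sample():
    """Assemble the constructed message; b= is a placeholder, not a real RSA signature."""
    return ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
            f" h=from:to:subject; bh={body_hash(BODY, 'relaxed')}; b=PLACEHOLDER\r\n"
            "From: alerts@example.com\r\nTo: user@example.net\r\nSubject: Q3 report\r\n\r\n" + BODY)
```

With c=relaxed, whitespace-only changes made by intermediate mail servers still verify, while any change to the words of the body does not.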
With DKIM in place, email deliverability improves. By using DKIM in combination with DMARC, you get added protection against malicious emails being sent disguised as your domain.
DKIM originated in 2004 from the merging of two separate specifications: DomainKeys and Identified Internet Mail. It has since developed into a popular authentication technique that all the leading ISPs use to check incoming mail.
What is DKIM vs DMARC?
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is another system for email validation to protect business email domains against exploitation via things like email spoofing and phishing scams. DMARC works by combining two other email authentication techniques: SPF (Sender Policy Framework) and DKIM.
DMARC contributes a core function to any email security solution: reporting. When a domain owner publishes a DMARC record in their DNS, they can see precisely who is sending emails on behalf of their domain. This information gives the domain owner complete control over what emails are sent on their behalf. As such, DMARC is effective at safeguarding your domains against phishing attacks and email spoofing.
Though DMARC uses some of the functions of DKIM, it is a different measure. For a complete email security solution, most people will implement DKIM, DMARC and SPF to cover every base. This way, you reassure your recipients of the validity of your communications and prevent cybercriminals from posing as your brand by exploiting your domain to send communications.
Should I enable DKIM?
DKIM isn't compulsory, but having a DKIM signature makes your communications appear more legitimate to recipients. This reduces the chances of your emails being filtered into a junk/spam folder. Spoofing and phishing scams regularly exploit trusted domains for their campaigns, and DKIM makes it harder for them to do this.
DKIM has good compatibility with modern email infrastructure and can work with DMARC and SPF to create a multi-layered security solution for domains sending emails. If your mail server doesn't support DKIM, it will still receive messages that have DKIM signatures with no problem.
It is strongly recommended that you add a DKIM record to your DNS where possible. ISPs like Gmail, AOL and Yahoo use it to assess incoming mail, making it more likely that your messages will be delivered. It can also help build the reputation of your domain with ISPs, as low spam and bounce rates and higher engagement help ISPs recognise you as a reliable sender.
Bear in mind, however, that while DKIM verifies that the content of your message has not been altered, it doesn't encrypt the content. Hackers could still intercept content, and any confidential information contained could still be compromised. Encryption is a separate area of email security that you should be aware of.
What is DKIM and SPF?
SPF stands for Sender Policy Framework. It is another powerful email authentication technology that assists with email security. As with DKIM, it is a protocol that links a sent email back to a domain. When the email is received, the recipient's email provider verifies SPF by looking up the SPF record of the domain in the 'envelope from' address. This gives the recipient details about the legitimacy of the sender. If the sending server's IP address is not listed in that record, the message fails SPF authentication and may be flagged as spam.
SPF is the third component of a complete solution for protecting against spoofed emails. By using DKIM, DMARC and SPF in combination, you can effectively prevent fraudulent emails posing as your domain from reaching the inboxes of your employees, customers, clients, etc. However, it is also vital to ensure your employees are trained to recognise phishing emails, as some still make it past the filters in place.
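The SPF check described above, as an added example that is not part of the original article: a small evaluator that walks an SPF record's mechanisms in order and returns the RFC 7208 result (pass, fail, softfail, neutral, none or permerror) for a sending IP. The TXT records are a constructed in-memory table standing in for live DNS lookups, and only the ip4, ip6, include and all mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for live DNS lookups (not real zone data).
FAKE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, txt=FAKE_TXT, depth=0):
    """Evaluate sender_ip against domain's SPF record; returns an RFC 7208 result string.
    Handles ip4, ip6, include and all; a/mx/exists need live DNS and yield permerror here."""
    if depth > 10:              # RFC 7208 limits DNS-querying terms to 10 per check
        return "permerror"
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"           # no SPF record published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"   # default qualifier is "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include matches only when the referenced record itself gives "pass"
            matched = check_spf(arg, sender_ip, txt, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qual]   # first matching term decides
    return "neutral"                  # no term matched and no "all" present
```

A receiver feeds the result into its DMARC evaluation together with the DKIM outcome; -all versus ~all is what decides whether an unlisted server produces a hard fail or only a softfail.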
Training is an essential component of email security as it can empower people to avoid being fooled by fake communications. But with a robust email security system in place, you minimise the chances of these emails ever reaching their targets.