What is DKIM and how does it work?
Understand how DKIM signs outbound mail and how DNS publishes the public key used for verification.
What DKIM is
DKIM stands for DomainKeys Identified Mail. It allows an email sender to cryptographically sign messages so receiving systems can verify they were signed by an authorized source.
The receiving server checks the signature in the message against a public key published in DNS.
How DKIM uses DNS
The public key is published as a TXT record under a selector, for example selector._domainkey.example.com.
The selector lets an organization rotate keys or support multiple sending systems.
Why DKIM matters
DKIM helps prove message authenticity and supports DMARC alignment.
It is especially important for organizations sending through multiple mail platforms or cloud services.