What is DKIM/DMARC?
Posted on 18 March 2024 by Beaming SupportYou may be getting asked by more and more web hosting or email providers to add DKIM records to your domain name, but what is this and why do you need to do it?
DKIM stands for DomainKeys Identified Mail, it is essentially a digital signature that verifies that the party sending the email is verified to do so and the key also ensures that the content is not modified while in transit.
An example of a DKIM TXT record would be the below, with the “p=” being the private key.
NAME: CompanyName._domainkey.example.com
TYPE: TXT
VALUE: v=DKIM1; p=ABC1234
Anyone wanting to verify the authenticity of the email, would need to have the matching key pair which will verify that they are a legitimate sender and therefore pass the DKIM checks, similar to the way in which on an SPF record, you can add IP addresses to the record to ensure that specific Public IP’s are permitted to send on-behalf of a domain name.
Most email providers are now requiring that DKIM records are added as well as SPF (Sender Policy Framework) and more recently DMARC in order to ensure your domain security and make it far easier for providers to filter out false impersonation on a server level before it reaches end users.
DMARC (Domain-based message authentication) works alongside DKIM but with DMARC working alongside, you can perform other functions for your domain security.
As an example, you can add a record such as “v=DMARC1; p=none; rua=mailto:test@example.com” to your DNS service which will monitor emails being sent through but will not send a “reject” or “quarantine” code, but will send a report to test@example.com of this. By simply modifying the p= value from “none”, you can either force the emails to go to “quarantine” (which will be the junk folder for some email providers, or if you are on Office 365 then it will go into a higher level of quarantine), or reject it entirely if it does not pass the authentication tests that either DKIM or SPF have in place.
If you need support with your domain security, get in touch