Glossary

DKIM (DomainKeys Identified Mail)

DKIM cryptographically signs outgoing email so receivers can verify it truly came from your domain and was not altered in transit.

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing email, letting receiving servers verify that a message genuinely came from your domain and was not modified along the way.

How it works

Your mail server signs each message with a private key.
The matching public key is published as a txt-record at a selector subdomain, e.g. selector1._domainkey.example.com.
The receiver fetches the public key via dns and verifies the signature.

What it proves

DKIM authenticates the domain in the signature and guarantees message integrity — but on its own it does not dictate what to do on failure. That decision is governed by dmarc.

Why it matters for hosting

Alongside spf, DKIM is essential for inbox placement; many providers now require both. When you set up email at a new host or third-party sender, publishing the correct DKIM key is a mandatory step for reliable delivery.

See also

SPF (Sender Policy Framework) SPF is a DNS TXT record listing which servers may send email for your domain, helping receivers reject forged messages and spam. DMARC DMARC builds on SPF and DKIM to tell receivers how to handle mail that fails authentication and sends you reports on abuse of your domain. TXT Record A TXT record stores arbitrary text in DNS, widely used for domain verification and email authentication policies like SPF, DKIM, and DMARC. MX Record An MX record is the DNS entry that directs a domain’s email to the correct mail servers, with priority values choosing primary and backups.

← All terms