Like SPF records, DKIM records are used to check if an email has been sent from a server that is allowed to send mail for your domain. However, the way in which this is done is quite different: DKIM uses a digital signature. Because outgoing emails are signed, DKIM is also used to check if an incoming email was modified between the time it was sent and the time it was received.
DKIM uses cryptography to sign emails. It is quite a complicated technology but it works roughly as follows:
DKIM has several advantages over SPF. For one thing, you don’t have to figure out which IP addresses should be whitelisted. And because DKIM uses signatures, it also works with email forwarding. Plus, it adds the ability to check if an email was tampered with.
If you are hosting your email with us and you are using our name servers then you probably already have a DKIM record, as the record is added automatically when a hosting package is created. You can check if your domain has a DKIM record via your hosting control panel. For instance, if you use cPanel then you can view all TXT records using the Zone Editor.
A DKIM record is a TXT record that looks like this (the record’s value has been shortened for readability):
example.net. TXT "v=DKIM1; k=rsa; p=MIIBI...DAQAB;"
The record’s value has three parts:
Like SPF, DKIM is used by DMARC to help combat spam and phishing.
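An added example (not part of the original article and not the hosting provider's tooling): a small Python checker that splits a DKIM TXT value like the one shown above into its tags and inspects the public key in `p=`. The function names, the constructed sample keys and the 2048-bit threshold (the size RFC 8301 says signers should use) are assumptions of this example.

```python
import base64, binascii

def parse_tags(value):
    """Split a DKIM TXT value into {tag: value} (RFC 6376 tag-list)."""
    pairs = (p.partition("=") for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, _, v in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos; return (content_start, content_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(der):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    start, _ = _tlv(der, 0)                # outer SEQUENCE
    _, end = _tlv(der, start)              # AlgorithmIdentifier (skipped)
    start, _ = _tlv(der, end)              # BIT STRING
    start, _ = _tlv(der, start + 1)        # skip unused-bits byte: RSAPublicKey
    start, end = _tlv(der, start)          # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def check_dkim_record(value):
    """Return a list of findings; an empty list means nothing was flagged."""
    tags = parse_tags(value)
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["v= must be DKIM1"]
    if tags.get("k", "rsa") != "rsa":
        return ["k= is not rsa (other key types are outside this example)"]
    if not tags.get("p"):
        return ["p= is missing or empty (an empty p= marks a revoked key)"]
    try:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    except (binascii.Error, IndexError):
        return ["p= is not a complete base64-encoded key"]
    return [f"RSA key is only {bits} bits"] if bits < 2048 else []  # assumed threshold

def _der(tag, body):  # sample-building helper: DER-encode one element
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_record(bits):  # constructed input: dummy modulus, not a usable key
    n = (1 << (bits - 1)) | 1
    ints = _der(2, b"\0" + n.to_bytes(bits // 8, "big")) + _der(2, b"\x01\x00\x01")
    alg = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(3, b"\0" + _der(0x30, ints)))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode() + ";"
```

Running `check_dkim_record` on the shortened value printed in this article reports an incomplete key, because the `...` is not valid base64; paste the full value from your zone to check a real record.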