DKIM is a technology:

  • where an organization can take responsibility for a message in a way that can be verified by the recipient of that message
  • that enables the recipient of a message to detect when the message has been tampered with during transit
  • that can contribute to the deliverability of messages
  • which can help to lower chances of abuse of a domainname c.q. to decrease the impact that abuse can have
  • that paves the way and lays the foundation for reputation technologies and -services, which in turn can be used to better utilize anti-spam techniques

DKIM is not:

  • the ultimate solution to the spam problem (FUSSP)
  • an anti-spam technology in itself
  • a source of information about the sender; it does not tell you whether the sender is a spammer or not

DKIM from sender to recipient

  • a person or application sends an e-mail message
  • the mail system, responsible for the delivery of the message on Internet, adds information to the message (a so called DKIM signature). This information is invisible to the recipient of the message
  • the mail system of the recipient checks the DKIM signature
  • now there are two options:
    1. the signature is valid
    2. the signature is invalid, or cannot be verified
    According to the DKIM specification, in the latter case the message is treated by the receiving mail system as if there was no DKIM signature present at all. This means there is no damage caused in case of a missing or invalid signature.
  • the result of this check (Authentication-Results) is added to the message by the receiving mail system. Again, this information is not directly visible to the recipient
  • the result then can be used by the receiving end to optionally mitigate the impact of specific anti-spam rules, or whitelist the sender based upon reputation information about the sending domain.


For more technical information, read...


To prevent expectations around DKIM that cannot be met, it is important to differentiate between myth and facts, to tell what DKIM is and what DKIM is not.