DKIM - proof a message is really yours

DKIM attaches a cryptographic signature to every message you send. Receiving servers use it to confirm the mail genuinely came from your domain and wasn't tampered with on the way.

d SPF DKIM DMARC MTA-STS TLS-RPT DNSSEC Blacklist

What it is

DKIM (DomainKeys Identified Mail) signs your outgoing mail with a private key. The matching public key is published in your DNS, so any receiver can verify the signature - proving the message really came from your domain and that its key contents haven't been changed in transit.

Why it matters

Where SPF checks the sending server, DKIM checks the message itself - and it survives forwarding, where SPF often doesn't. Together they give DMARC two independent ways to confirm a message is authentic.

What "good" looks like

Every service that sends as you signs with DKIM, using strong, current keys that are rotated over time, with no unsigned senders slipping through. Spotting an unsigned or misconfigured sender is where most domains come unstuck - and where we keep watch.

Related: SPF · DMARC · MTA-STS · TLS-RPT · DNSSEC · Blacklist monitoring

See where your DKIM stands

DMARCER spots unsigned and misconfigured senders across your domains and explains what's at risk.

Get started

Free domain check

Check your domain security

See how your domain's security compares to your competitors.