Glossary · Email

DKIM (DomainKeys Identified Mail)

A cryptographic signature on every outgoing email that proves the message hasn't been tampered with in transit.

Diagram explaining DKIM (DomainKeys Identified Mail)

DKIM uses public-key cryptography. Your mail server holds a private signing key; the corresponding public key is published in your DNS as a TXT record at selector._domainkey.yourdomain.com. Every outgoing message gets a DKIM-Signature header containing a hash of the message body signed with the private key.

When the receiving server sees the DKIM-Signature, it pulls your public key from DNS and verifies. If the signature matches, the message was signed by you and hasn't been modified. If not, the receiver knows something's wrong.

You don't manually create the keys — your mail provider generates them and gives you the TXT record to paste. Google Workspace, Microsoft 365, OpenSRS Hosted Email, and Modusdom Mailbox all handle this automatically.

DKIM alone doesn't prove the sender is who they claim — it only proves the message wasn't altered. Combined with SPF and DMARC, it gives the receiver enough signal to confidently accept or reject mail.

Now the jargon makes sense — let us handle the rest.

You learned what it means; we'll set it up. Register your domain, get email that lands in the inbox, and never decode a renewal bill again — flat pricing, free privacy, real human support.

No upsells at checkout · Free WHOIS privacy · Same price every year · Transfer out free, anytime

Find your domain See flat pricing