What is DKIM?
DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify that an email was sent by an authorized server and was not altered in transit.
DKIM Definition
DomainKeys Identified Mail (DKIM) is an email authentication protocol that allows the sending mail server to digitally sign outgoing messages. The signature is added as a header to the email and can be verified by the receiving server using a public key published in the sender's DNS records. This process confirms two things: the email genuinely originated from an authorized server for that domain, and the message content has not been tampered with during transit.
The DKIM signing process works by generating a hash of specified email headers and body content, then encrypting that hash with the domain's private key. The receiving server retrieves the public key from the domain's DNS (stored as a DKIM TXT record), decrypts the signature, and compares the hash values. If they match, the email passes DKIM authentication. If they differ, the message may have been modified or forged.
DKIM is a critical component of modern email security. Along with SPF and DMARC, it forms the email authentication triad that ISPs use to determine whether an email is legitimate. Domains with valid DKIM signatures enjoy better inbox placement, stronger sender reputation, and protection against phishing attacks that attempt to impersonate their brand.
How DKIM Relates to Email Verification
While DKIM is primarily a sending-side authentication protocol, it plays a role in email verification by helping our service assess domain health and legitimacy. When we verify an email address, we evaluate the domain's overall email infrastructure, including whether DKIM is properly configured. Domains with DKIM signing enabled tend to be well-maintained and are more likely to have valid, active mailboxes.
If you send email from your own domain, properly configuring DKIM ensures that your messages to verified recipients reach the inbox. You can check your DKIM setup with our free authentication checker.
Verify your DKIM configuration. Use our free checker to confirm your email authentication is set up correctly.
Check DKIM SetupDKIM FAQ
DKIM works by adding a cryptographic signature to the header of every outgoing email. The sending server signs the message using a private key, and the corresponding public key is published in the domain's DNS records. The receiving server retrieves the public key and verifies the signature to confirm the email was not altered in transit and came from an authorized sender.
SPF verifies that the sending server is authorized to send email for a domain by checking IP addresses. DKIM verifies the message itself has not been tampered with by using a cryptographic signature. Both are complementary — SPF validates the sender, while DKIM validates the message integrity. Using both together with DMARC provides the strongest email authentication.
Use our free SPF, DKIM & DMARC Checker to verify your DKIM configuration. The tool checks your DNS for the DKIM public key record and confirms it matches the signatures on your outgoing emails.
Try our free email verifier — verify any email instantly, no signup required. Need bulk verification? Upload your list and clean thousands of emails in minutes.
Developers: integrate email verification into your app with our RESTful API — SDKs for 7 languages.
View our simple pricing plans — start free, scale as you grow.
Learn more: what is email verification · best practices · how it works