DKIM (DomainKeys Identified Mail) is a way to digitally sign emails so that a receiver can check that a message was authorized by the owner of the signing domain and hasn’t been tampered with in transit. Here’s how it works:
- The email sender generates a cryptographic public/private key pair, signs the email with the private key, and publishes the public key in a DNS TXT record of their domain (the signing domain and key selector are named in the d= and s= tags of the DKIM-Signature header).
- The recipient retrieves the public key from DNS and verifies the signature carried in the email’s DKIM-Signature header over the signed headers and the body hash, which confirms the message’s integrity.
However, DKIM alone doesn’t stop scammers from spoofing an email’s From address or from sending messages from unauthorized servers: a verifier only checks that the signature validates against the key published for the domain named in the signature’s d= tag, not that this domain matches the From header. For instance, a scammer could attach a valid DKIM signature for the domain spoofed-example.com (a domain they control) to the email while using [email protected] as the From address. The email would still pass a DKIM check, because the signature is genuine for spoofed-example.com; catching the mismatch requires an alignment check between the From domain and the signing domain, which is what DMARC adds on top of DKIM.
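The signing and verification steps above, and the From/d= mismatch just described, as an added worked example in Go (not code from the original page): it implements a minimal DKIM signer and verifier with RSA-SHA256 and relaxed/simple canonicalization, publishes the public key in the v=DKIM1 TXT record format into a constructed in-memory map standing in for DNS, and then checks two messages signed with the same key. The domains spoofed-example.com and victim-example.com, the addresses, the selector s1, the body text and all function names are constructed for this example. It goes slightly beyond the text by also running the From-domain/d= alignment test that DKIM itself does not perform (the check DMARC adds), so the reader can see that plain DKIM passes the spoofed message and only the alignment test catches it.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// dns stands in for the selector._domainkey.<domain> TXT lookups (a constructed map, not a resolver).
var dns = map[string]string{}

// relaxedHeader: RFC 6376 "relaxed" header canonicalization (lowercase name, unfolded, whitespace collapsed).
func relaxedHeader(name, value string) string {
	v := strings.Join(strings.Fields(strings.ReplaceAll(value, "\r\n", " ")), " ")
	return strings.ToLower(name) + ":" + v + "\r\n"
}

// bodyHash applies "simple" body canonicalization and returns the bh= value (base64 SHA-256).
func bodyHash(body string) string {
	sum := sha256.Sum256([]byte(strings.TrimRight(body, "\r\n") + "\r\n"))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// signedData is what the signature covers: the headers listed in h= (map keys are lowercase),
// then the DKIM-Signature header itself with b= empty and no trailing CRLF.
func signedData(headers map[string]string, hList []string, sigNoB string) []byte {
	var sb strings.Builder
	for _, h := range hList { sb.WriteString(relaxedHeader(h, headers[h])) }
	sb.WriteString(strings.TrimRight(relaxedHeader("DKIM-Signature", sigNoB), "\r\n"))
	return []byte(sb.String())
}

// parseTags splits "k=v; k=v" lists (used for both the signature header and the DNS record).
func parseTags(s string) map[string]string {
	tags := map[string]string{}
	for _, part := range strings.Split(s, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(part), "="); ok { tags[k] = strings.TrimSpace(v) }
	}
	return tags
}

// sign builds the DKIM-Signature header value for signing domain d and selector s.
func sign(priv *rsa.PrivateKey, d, s string, headers map[string]string, body string) (string, error) {
	hList := []string{"from", "to", "subject"}
	sigNoB := fmt.Sprintf("v=1; a=rsa-sha256; c=relaxed/simple; d=%s; s=%s; h=%s; bh=%s; b=", d, s, strings.Join(hList, ":"), bodyHash(body))
	digest := sha256.Sum256(signedData(headers, hList, sigNoB))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil { return "", err }
	return sigNoB + base64.StdEncoding.EncodeToString(sig), nil
}

// verify does exactly what a DKIM verifier does and no more: fetch the key for d=/s=,
// check bh=, check b=. It returns the signing domain and never reads the From header.
func verify(sigHeader string, headers map[string]string, body string) (string, error) {
	t := parseTags(sigHeader)
	rec, ok := dns[t["s"]+"._domainkey."+t["d"]]
	if !ok { return "", fmt.Errorf("no DKIM record for d=%s s=%s", t["d"], t["s"]) }
	der, _ := base64.StdEncoding.DecodeString(parseTags(rec)["p"]) // a corrupt p= fails to parse below
	pubAny, err := x509.ParsePKIXPublicKey(der)
	if err != nil { return "", err }
	pub, ok := pubAny.(*rsa.PublicKey)
	if !ok || bodyHash(body) != t["bh"] { return "", fmt.Errorf("unsupported key type or body hash mismatch") }
	sig, _ := base64.StdEncoding.DecodeString(t["b"]) // a corrupt b= fails signature verification below
	digest := sha256.Sum256(signedData(headers, strings.Split(t["h"], ":"), strings.TrimSuffix(sigHeader, t["b"])))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil { return "", err }
	return t["d"], nil
}

// check runs plain DKIM verification, then the From-domain/d= alignment test that DKIM
// itself omits (the check DMARC adds on top). It returns (dkimPass, aligned).
func check(sigHeader string, headers map[string]string, body string) (bool, bool) {
	d, err := verify(sigHeader, headers, body)
	if err != nil { return false, false }
	return true, strings.EqualFold(d, headers["from"][strings.LastIndex(headers["from"], "@")+1:])
}

// Demo reproduces the text's scenario with constructed domains, addresses, selector and body.
func Demo() (legitPass, legitAligned, spoofPass, spoofAligned bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return }
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	// The attacker controls spoofed-example.com, so publishing a key there is trivial.
	dns["s1._domainkey.spoofed-example.com"] = "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
	body := "Please pay the attached invoice today.\r\n"
	legit := map[string]string{"from": "alice@spoofed-example.com", "to": "bob@example.net", "subject": "Invoice"}
	spoof := map[string]string{"from": "ceo@victim-example.com", "to": "bob@example.net", "subject": "Invoice"}
	var s1, s2 string
	if s1, err = sign(priv, "spoofed-example.com", "s1", legit, body); err != nil { return }
	if s2, err = sign(priv, "spoofed-example.com", "s1", spoof, body); err != nil { return }
	legitPass, legitAligned = check(s1, legit, body)
	spoofPass, spoofAligned = check(s2, spoof, body)
	return
}

func main() { fmt.Println(Demo()) }
```

Running it prints `true true true false <nil>`: both messages carry a genuine signature for spoofed-example.com and both pass `verify`, which is all DKIM promises; only the alignment test in `check` flags the second message, whose From domain differs from the d= domain.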