DKIM (DomainKeys Identified Mail) is an email security standard that helps verify whether an email truly comes from the sender and whether it has been altered during transmission. It works by attaching a digital signature to each outgoing message, which the receiving server can check for authenticity.

How does DKIM work?

When an email is sent, the sender’s mail server uses a private key to create a digital signature. This signature is placed in the email header. A corresponding public key is stored in the sender’s domain DNS record. Upon receiving the email, the recipient’s server uses the public key to verify the signature.

If the signature matches, the recipient knows:

• The email was genuinely sent from the listed domain;
• The message has not been tampered with during transit.

DKIM is domain-based and proves that the sender is authorized to send email on behalf of the domain, even when using third-party services like Mailchimp or Salesforce.

Why is DKIM important?

DKIM adds a vital layer of defense against email-based threats like phishing and spoofing. While SPF verifies the sending server, DKIM goes further by validating the integrity of the email content itself.

Together with SPF and DMARC, DKIM forms a comprehensive email authentication framework. This is especially critical in B2B communications, where trust and data confidentiality are paramount.

DKIM and RiskStudio

RiskStudio helps you assess the email security posture of your suppliers. Our platform automatically checks if their domains use valid DKIM records. You can instantly identify which suppliers have their email security in order — and which don’t. With real-time alerts for missing or misconfigured DKIM setups, you can act quickly to reduce exposure and protect your supply chain from email-based threats.