What is DKIM? (Email glossary definition)

Last updated May 19, 2026

DKIM (DomainKeys Identified Mail) is a cryptographic email-authentication standard defined in RFC 6376. It works by signing every outbound message with a private key held by the sender. Receiving servers fetch the matching public key from the sender's DNS and verify the signature.

The key pair is identified by a "selector", which names a subdomain like selector1._domainkey.yourdomain.com. The public key is published as a TXT record at that subdomain. The private key stays with the sending platform (your ESP, mail server, etc.).

On send, the mail server adds a DKIM-Signature header to the message. This header contains a hash of the message body and a signature, produced with the private key, that covers that hash and certain key headers. Receivers verify the signature with the public key from DNS and confirm the hash matches the actual message content.

DKIM signing survives legitimate forwarding (unlike SPF), making it the more durable of the two authentication mechanisms. DMARC requires either SPF or DKIM to pass with proper alignment.

See what is DKIM for the full explanation and how to set up DKIM for the setup walkthrough. Free DKIM checker on our site.