DKIM stands for DomainKeys Identified Mail. It is a method for verifying the authenticity of email messages: the sending server signs each outgoing message with a private key, and the receiving mail server (or ISP) validates that signature with the matching public key published in DNS. A valid signature confirms that the signed parts of the message were not altered in transit and that the message was signed by a holder of the key for the domain named in the signature.
A DKIM record is not strictly required, but DKIM-signed mail looks more legitimate to receivers and is less likely to land in the junk or spam folder. DKIM is also one of the two mechanisms that DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on, alongside SPF, to reduce email spoofing. Beyond checking the authenticity of a message, DKIM gives ISPs a way to track and build a reputation for your domain's sending history, because the signing domain (the d= tag) stays attached to the message even when it is forwarded, whereas an SPF check is tied to the IP address of the server that happens to deliver it.
How DKIM works
Like SPF, DKIM uses DNS TXT records with a specific format. After a public/private key pair is generated, the public key is published in DNS. Unlike SPF, you can maintain many DKIM records for different sending sources, each identified by a selector: the signature names it in the s= tag, and the verifier looks up the record at <selector>._domainkey.<domain>, where the domain comes from the d= tag.
DKIM works by adding a digital signature, carried in the DKIM-Signature header, to an email message; that signature can be verified against a public key published in the organization's Domain Name System (DNS) records.
A domain owner publishes a cryptographic public key as a specially formatted TXT record in the domain's DNS zone. When an inbound mail server receives a message, it reads the selector and signing domain from the DKIM-Signature header and fetches the corresponding public DKIM key from DNS. It then recomputes the hash of the message body and compares it with the bh= value in the header, canonicalizes the signed headers listed in the h= tag, and uses the public key to verify the b= signature over them. The signature is verified, not decrypted: a signature check tells the receiver whether the signer's private key produced it over exactly this content. If both checks succeed, the message is proven to have been signed by a holder of that domain's key and to be unaltered in transit. DKIM alone says nothing about whether the signing domain matches the From address the user sees; that alignment check is DMARC's job.
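The steps above (read the tags out of the DKIM-Signature header, derive the DNS name for the selector, sanity-check the published key record, and recompute the body hash) can be carried out with nothing but the Python standard library. The block below is an added example written for this article, not code from any DKIM implementation; the DKIM-Signature header, the message body and the DNS TXT record it uses are constructed sample data, and the b= and p= values are base64 placeholders, so it stops at the body-hash comparison rather than performing the RSA check on b=.

```python
"""Parse DKIM wire formats and recompute the bh= body hash.

Added example for the DKIM explanation above; standard library only.
All sample data below is constructed: example.com, selector "sel2024",
and the b=/p= values are placeholders, not real keys or signatures.
"""
import base64
import hashlib
import hmac
import re

# Constructed DKIM-Signature header value, folded over three lines the way
# a mail server would emit it. bh= is the SHA-256 of an empty body.
SAMPLE_DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel2024;\r\n"
    " h=from:to:subject:date; bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;\r\n"
    " b=cGxhY2Vob2xkZXI=;"  # placeholder, not a real signature
)
SAMPLE_BODY = ""  # constructed: the signed message has an empty body

# Constructed DNS TXT record for sel2024._domainkey.example.com; p= is a placeholder.
SAMPLE_DNS_TXT = "v=DKIM1; k=rsa; p=cGxhY2Vob2xkZXIta2V5"


def parse_tags(value: str) -> dict:
    """Parse a DKIM tag=value list into a dict.

    The same format is used for the DKIM-Signature header and the DNS key
    record. Whitespace (including header folding) is stripped from values,
    which is what makes the base64 b=, bh= and p= fields usable.
    """
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        name, _, val = part.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def dns_query_name(sig: dict) -> str:
    """The name a verifier queries: <selector>._domainkey.<signing domain>."""
    return f"{sig['s']}._domainkey.{sig['d']}"


def canonicalize_body(body: str, method: str) -> bytes:
    """Apply 'simple' or 'relaxed' body canonicalization (RFC 6376 section 3.4).

    Both drop trailing empty lines and terminate the body with CRLF; relaxed
    additionally strips trailing whitespace and collapses runs of spaces/tabs.
    """
    lines = body.replace("\r\n", "\n").split("\n")
    if method == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", line).rstrip(" \t") for line in lines]
    elif method != "simple":
        raise ValueError(f"unknown body canonicalization: {method}")
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode()


def body_hash(sig: dict, body: str) -> str:
    """Recompute the base64 body hash that belongs in the bh= tag."""
    algo = sig.get("a", "rsa-sha256").split("-")[-1]  # rsa-sha256 -> sha256
    _, _, body_method = sig.get("c", "simple/simple").partition("/")
    canonical = canonicalize_body(body, body_method or "simple")
    return base64.b64encode(hashlib.new(algo, canonical).digest()).decode()


def body_hash_matches(sig: dict, body: str) -> bool:
    """First verifier check: does the received body still hash to bh=?"""
    if sig.get("v") != "1":
        return False
    return hmac.compare_digest(body_hash(sig, body), sig.get("bh", ""))


def dns_record_problems(txt: str) -> list:
    """Return reasons the published key record cannot be used (empty = usable)."""
    rec = parse_tags(txt)
    problems = []
    if rec.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if rec.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append(f"unsupported key type {rec.get('k')}")
    if not rec.get("p"):
        problems.append("empty p=: the key has been revoked")
    else:
        try:
            base64.b64decode(rec["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return problems


if __name__ == "__main__":
    sig = parse_tags(SAMPLE_DKIM_SIGNATURE)
    print("lookup:", dns_query_name(sig))
    print("key record problems:", dns_record_problems(SAMPLE_DNS_TXT))
    print("body hash ok:", body_hash_matches(sig, SAMPLE_BODY))
    print("tampered body ok:", body_hash_matches(sig, "Injected line\r\n"))
```

The body-hash comparison is deliberately done with hmac.compare_digest rather than ==, and the b= signature check that follows it in a real verifier must use a proper RSA/Ed25519 verify over the canonicalized headers named in h= (with the DKIM-Signature header itself included and its b= value emptied); a p= tag that is present but empty means the domain owner has revoked that selector, so such a record must never be treated as a verification success.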