DNS DNS records

DKIM record – definition

Once you get into the DNS game, you have to know the tools to play and face every challenge ahead. The DNS has its structure, but it can be adapted to your specific needs. The only way to enjoy the benefits of its flexibility is to play with its different “cards”. Let’s define the DKIM record to know what it has in store for you!

What is the DKIM record?

DKIM record or DomainKeys identified mail is defined as an e-mail security standard created for domains to prove the e-mails sent on their behalf are authentic. To enable it gives certainty about your messages’ trustability to recipient servers. This is not a minor contribution to security in the current times. DKIM also protects messages from being altered while traveling from the sender server to the recipient server. Basically, these important functions are achieved through cryptography.

How does the DKIM record work?

The DKIM technology allows domains to sign outgoing messages using cryptographic authentication. When you enable DKIM, it will work through the use of two cryptographic keys, one private and one public. The private key will sign e-mails when they leave the sender server. The public key is published into the domain’s DNS record to be available for the recipient servers to authenticate the messages’ source and check the integrity of the messages’ body. If the signature gets verified by the recipient server (via the public key), the messages are considered authentic.

Let’s now be a bit more technical. As an administrator of a domain, you have to publish the cryptographic public key using TXT record format. This step is a must for recipients to verify the authenticity of the message’s sender. When the mail server sends an e-mail, DKIM will create a digital signature and attach it to the message’s header. 

At this point, for sure, you may wonder what exactly a digital signature is. Well, it’s a hash value, a unique line of text properly encrypted with the private key, that must remain exclusively in the administrator’s control. Otherwise, security can’t be guaranteed.

DKIM has, as a part of its functionality, multiple algorithms for generating this digital signature. Every detail linked to the signature’s production process is written in the message’s header. Additionally, two cryptographic hashes are included. One is connected to the defined headers and the other to the message’s body.

The sent e-mail travels and arrives at the recipient mail server. This triggers a DNS query to search the public key of the sender domain for verifying the message. The recipient mail server gets it and proceeds to decrypt the digital signature. The hash values can now be compared with the values within the message. A match of these values will define the authentication of the e-mail. Besides, the recipient mail server will confirm that the message was not altered in transit. Therefore, security for the recipient while accepting this e-mail is guaranteed.

Advantages of having a DKIM record

  • It’s easy to configure. An administrator can directly do it.
  • It’s an efficient shield against forged and dangerous e-mails. Through DKIM, you can secure the messages sent from your domain not to be altered and damage recipients and your reputation.
  • It helps to avoid phishing and spoofing.
  • It provides security to your domain’s mail server, and its possibilities can be expanded if you combine it with other DNS records like DMARC.

Conclusion

The DKIM record means security for your domain mail server and for your clients (recipients). It’s by definition a security ace you should have up your sleeve!

Leave a Reply

Your email address will not be published.