DKIM Signing
Cryptographically signing messages.
What DKIM Provides
DKIM (DomainKeys Identified Mail) attaches a cryptographic signature to outgoing email. A receiver can verify that signature to confirm two things:
- The message was genuinely authorized by the signing domain
- The signed content was not altered in transit
Where SPF authorizes servers, DKIM authenticates the message itself, and that signature survives forwarding.
Public Key Cryptography Basics
DKIM relies on asymmetric cryptography. The domain owner holds a key pair:
- The private key stays secret on the sending mail server and is used to sign
- The public key is published in DNS and is used by anyone to verify
Because only the holder of the private key can produce a valid signature, a successful verification proves the message came from the legitimate domain.
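The sign-and-verify flow described above, as an added example that is not code from the original page: the sender signs selected headers plus a body hash with the private key, and the receiver checks the signature using only the public values. Assumptions: the key is a constructed toy RSA key, `SIGNED_HEADERS` and the signed-data layout are a simplified stand-in for real DKIM canonicalization, and the message and addresses are constructed samples.

```python
import hashlib

# Constructed demo key (assumption: toy 511-bit RSA built from two well-known
# primes; real DKIM keys are generated randomly and are 1024 bits or more).
P, Q = 2**255 - 19, 2**256 - 2**32 - 977
N, E = P * Q, 65537                   # public key: what would be published in DNS
D = pow(E, -1, (P - 1) * (Q - 1))     # private key: stays on the sending server
K = (N.bit_length() + 7) // 8         # modulus length in bytes
# DigestInfo prefix for SHA-256 from RFC 8017 (PKCS #1 v1.5 signatures)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SIGNED_HEADERS = ("from", "subject", "date")   # headers the signature covers

def _encode(data):
    """EMSA-PKCS1-v1_5: pad SHA-256(data) to the modulus length, as an int."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def _signed_data(headers, body):
    """Simplified stand-in for DKIM canonicalization (not RFC 6376 format):
    the chosen headers plus a hash of the body. Other headers are ignored."""
    picked = {n.lower(): v.strip() for n, v in headers if n.lower() in SIGNED_HEADERS}
    lines = [f"{h}:{picked.get(h, '')}" for h in SIGNED_HEADERS]
    lines.append("bh:" + hashlib.sha256(body.encode()).hexdigest())
    return "\r\n".join(lines).encode()

def sign(headers, body):
    """Sender: requires the private exponent D."""
    return pow(_encode(_signed_data(headers, body)), D, N)

def verify(headers, body, signature):
    """Receiver: uses only the public values N and E."""
    return pow(signature, E, N) == _encode(_signed_data(headers, body))

# Constructed sample message
HEADERS = [("From", "alice@example.com"), ("Subject", "Invoice 42"),
           ("Date", "Mon, 01 Jan 2024 10:00:00 +0000")]
BODY = "Please find the invoice attached.\r\n"

if __name__ == "__main__":
    sig = sign(HEADERS, BODY)
    forwarded = [("Received", "from relay.example.net")] + HEADERS
    print("original :", verify(HEADERS, BODY, sig))
    print("forwarded:", verify(forwarded, BODY, sig))
    print("tampered :", verify(HEADERS, BODY + "Pay here instead.", sig))
```

In this model the forwarded copy still verifies because the added `Received` header is not among the signed headers, while any change to the body or a signed header makes verification fail.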