Email - DomainKeys Identified Mail (DKIM) - Mail Signatures


DomainKeys Identified Mail (DKIM) is a method to sign digitally outgoing email, thereby allowing a person, role, or organization to claim some responsibility for the message.

The signature will associate a domain name to an email message,

Because the DKIM process signs digitally all messages send, the receiving end can:

  • authenticate the sender (not spam or phishing)
  • verify that the message was not modified.

How it works

Steps to set up DKIM

Generate a Private / Public Key Pair

As first step, you should generate a key pair for your domain.

If you use an email provider, the key is provided by them.

Create a DKIM DNS Record

A DNS record should create with:

  • a DNS key
  • that contains as value, the public key

Email servers can use this key to verify your messages' DKIM signatures.

DNS Key:


where the DKIM selector:

  • is specified as an attribute of the DKIM signature header field (the s key) in the emails send.
  • permit multiple keys under the same organization's domain name.


Enable the DKIM processing and start adding the signature to message

The DKIM filter is the filter application that adds the DKIM signature to all outgoing messages

When turned on, the DKIM signature is recorded as an header field in the message.

For example:

DKIM-Filter: OpenDKIM Filter v2.11.0 3E16E1FBE8
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;;
	s=dkimSelector; t=1591988898;


  • s is the dkim selector that you find in the domain record
  • d is the domain


Below are library or software that can helps your set up a DKIM process>

Specification / Reference


Powered by ComboStrap