DKIM, short for DomainKeys Identified Mail, is a method for authenticating emails. This procedure enables the recipient to check whether an email actually originates from the sender specified in the message and has not been changed during transport. The DKIM entry is checked by the recipient using cryptographic authentication.
When a message is sent, the sending mail server automatically adds a DKIM signature to the message header of the email using the private key, which contains a hash value of the message content and the header information (FROM, date, subject, Reply-To, sender, recipient, etc.). It is important that fields remain unchanged during transmission, otherwise DKIM authentication will fail. If the receiving mail server supports DKIM and scans incoming messages for it, it will react as follows:
How a mail server reacts when it detects an invalid signature depends on the configuration of the receiving mail server or the DMARC entry of the sending domain.
DKIM can only be used with EuropeanMX if you use the outgoing filter for your domain!
In addition to the content of your message, we will also sign the following header information:
Using DKIM for your outgoing messages offers several advantages, e. g.:
If a spammer attempts to misuse your domain or e-mail address to send his or her messages, DKIM reduces the chance that the message will actually reach the recipient. Incoming messages are checked by most mail services (such as Yahoo!, GMail, Web.de) for a valid DKIM signature.
DKIM and SPF work together to ensure the security of emails by preventing the interception and falsification of messages. Both are components of DMARC (Domain-based Message Authentication, Reporting, and Conformance), but fulfill different functions. DKIM ensures that the data in an email has not been manipulated by third parties. SPF, on the other hand, prevents email spoofing by checking the sender domain.
An SPF entry is configured by a TXT entry in the DNS of the domain, similar to DKIM. This entry lists all email servers that are authorized to send emails on behalf of the domain. If an attacker attempts to use spoofed email headers, the SPF record allows the recipient's email server to detect and block such fraudulent messages before they reach the inbox.
While SPF ensures that spoofed emails are not delivered, it cannot prevent an attacker from spoofing a message. Without DKIM, an attacker could intercept an email and change the content before it reaches the recipient. DKIM complements SPF by confirming the authenticity of the sender and ensuring that the message remains unchanged during transmission.
Together, DKIM and SPF increase the security of the email system. As emails are the main means of communication on the Internet, they have long been an easy target for attackers looking to steal identities and access data. With DKIM and SPF, effective security strategies are now available that are part of the DMARC guidelines.
DMARC also defines how to deal with messages that do not pass validation. Large organizations can configure DMARC policies to keep suspicious messages in quarantine until an administrator has reviewed them. Legitimate messages that are mistakenly quarantined can then be released to ensure that important communications are not lost or deleted. After sufficient testing of the security rules, DMARC can be set to automatically delete or reject messages that fail the DKIM or SPF check.
DKIM, SPF and DMARC are often mistakenly considered interchangeable, although they are different, complementary methods for improving email security. DMARC acts as a set of rules that defines how to deal with emails that do not pass DKIM and SPF checks.
DMARC offers three options for action in the event of a failed DKIM check: quarantine, rejection and no action. The DMARC process decides which of these options is applied based on the settings of the email administrator who configures the DMARC policies.
The option "No Action" means that the message will be delivered to the inbox despite the validation error. This setting is often used by security administrators who need to check suspicious messages.
Many administrators prefer the quarantine option for emails that do not pass validation. Such messages are collected in a secure area that normal users cannot access and can be reviewed later by the administrator. This check helps to determine whether the company is the target of phishing attacks or whether the SPF and DKIM settings are incorrectly configured. If the email system uses artificial intelligence (AI), the administrator can use the manual check to further train and improve the AI.
If DMARC is set to reject, emails that do not pass DKIM validation are rejected by the server and not delivered. This is common practice on public email services like Gmail, where millions of emails that fail SPF and DKIM checks are rejected to protect users from phishing, hacking and other identity theft attempts.
For instructions on how to log into the admin panel of EuropeanMX, please see our FAQ article "How can I log in to the Admin-Panel (web interface of the filter)?".
![[EN]](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAUCAYAAACaq43EAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNiAoTWFjaW50b3NoKSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDpERTc5MkI3RjE3OEExMUUyQTcxNDlDNEFCRkNENzc2NiIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDpERTc5MkI4MDE3OEExMUUyQTcxNDlDNEFCRkNENzc2NiI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOkEyMTE0RjIyMTc4QTExRTJBNzE0OUM0QUJGQ0Q3NzY2IiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOkRFNzkyQjdFMTc4QTExRTJBNzE0OUM0QUJGQ0Q3NzY2Ii8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+60cYSwAAAyhJREFUeNrElN1PU3cYxz/tOQUBD/aNymtbUAq2IOiUWXmZA40Iy2BzcW53y7JlyZLtZuE/8NaY7Gbe7WJbdJnTDOdQCbLKrERUotgCSodQ7AsFpK28yKT7rfsL2gv7JCcn+eV3zpPv5/l+H9X2xp65SqtJGfr1Fg3vNPD02SIhfwRniwP3pdvsOVxPaCHGs7+DOA/VJs8crXXEs3P48OfTfMIcU+SRaqlMzm8SNut2VuefIxvyydZIxFbWyX35iviLNZRiPZJaxdLyCkoiQUyc6cwFTPvC9FRkcbJMy7JaTrmxHIuvxaZm5xW7+Jl3NkKRaRt5OVlMjvuoqa9gwr9AgS4PvTYP78hjdtVVEAw9J+Kdxv7Td+hL8tGTeslGg8Jeexk3/riLs62O+cU441NBDjbZGbg+SlNbPYvRF9zzzHCoycFA/yhvCtRqnZbr5a1YEjGm5S2po1ZXfRHVaCTlWLODq24v1eWFGPVbuXH5Dh3vORm88xhziR5zoZ5rl9y0dx/ggS/EzGSQs5Ua3s39h7CUlbri0mKdUGzmijBXqzBXYH4Z931fsmlf7zBvd+wjIigMDI/TcbyRvt+GOSgUZ62uU3S2h8IdRgrTQK1S2T6PyhpZ+aB9LxcF2hpbCUUF27hy4S+Of/wWfUMeykuNVIin9/xNuj9qYWR8juknIc5szNC1voA/DdSypayAhlor57/vp/NEC7OBRfpveek+0cwvP/7JsfedhEWcLg8+pOtkMxfOuTjc5WSrSc+S6ymSQYtGyk5dsVT9/4zbhZmu3Z5IztggXOwSZjvSuZ+hUR9mEan/KAz+PkJb5z7GngSYdXu46T9Ho3EL6ZSKnZ9Fax0W5aFrDNuB6mROA6El7BYTnns+bPt3srK2gV+QcIjIPRLzrxL3ZkLLfB0c40udRCAd1EfFNioxaSG+Sl2NmchSnCKjwh6HBWlzk/rd1uTyMOTn8MbuctRiieyqLKbKbqXs4gSvQmFephOnRCIRFW+F11yyp/3TtD/eSKjYTM4rjcZh110yUZlDPfnVqcwovkppRhRnDrX/2x+UjKDuJXcuE4r/FWAAjBMttNdoYOEAAAAASUVORK5CYII=){kind=small}
test.
In order for the public key to be retrieved by the receiving mail server, it must be propagated in the DNS settings of your domain. The TXT record should then look like this:
test._domainkey.example.com IN TXT v=DKIM1; g=*; k=rsa; p=[public key in one line];
The entry must be made as a TXT record. Replace test with the name of the selector from step 2 and public key in one line with the public key that you generated previously.
Now that the key can be retrieved from receiving mail servers, the outgoing user must be connected to the DKIM selector in the webinterface.
test in this example) under DKIM Selector.
Once the user has been linked to the DKIM selector, the DKIM signature is added to the header of each outgoing message that has been authenticated with this user (assuming you do not use a separate DKIM certificate). The receiving mail server can decode the signature using the public key and confirm authenticity.
Protecting Your Business from Phishing Attacks: Types, Dangers, and Prevention Strategies. Learn how to recognize and avoid phishing attacks to safeguard your company's data and reputation.
The modern cyber threat landscape is characterized by a diversity and complexity of attack methods. A comprehensive security awareness strategy that addresses different types of threats and teaches security best practices is essential to establish an effective security culture within the organization.
Insider threats are another major threat to organizations, in addition to external threats. In this article, you will learn what exactly insider threats are, why they arise and how you can protect your company against them.
This article looks at the impact of the GDPR on IT security and explains its role in strengthening data protection safeguards, reshaping cybersecurity strategies and promoting a culture of data protection.
Unlock the secrets of email security! Dive into our comprehensive guide on the crucial roles of email encryption and authentication, their mechanisms, benefits, and best practices.
Discover how to fortify your business email against cyber threats! Learn the top 9 essential steps in our latest guide to boost your email security and protect sensitive data.
As companies increasingly rely on technology and digital processes, potential vulnerabilities and threats are growing exponentially. In this article, we address the various aspects of cybersecurity within the supply chain and shed light on its importance, challenges, and strategies for protecting your business.
Cyber security is critical for small and medium-sized enterprises (SMEs) as they need to protect high-value data and customer trust. Our guide provides concise information to strengthen SME cybersecurity. We highlight fundamental concepts, identify threats, and provide practical advice on how to implement security measures.
Working from home: opportunities and challenges of teleworking. The rise of telecommuting offers many benefits, but it also brings new cybersecurity risks and challenges. Learn how companies and employees can overcome these challenges.