What Is a DKIM Public Key?
A DKIM (DomainKeys Identified Mail) public key is a cryptographic key published in a domain's DNS as a TXT record. It allows receiving mail servers to verify that an email was authorized by the sending domain and has not been altered during transit.
The public key works with a corresponding private key, which is used by the sending mail server to digitally sign outgoing messages.
Key Aspects of a DKIM Public Key
Purpose: Enables recipients to validate the digital signature included in an email's headers.
Storage: Published in DNS as a TXT record using a selector format, such as:
selector._domainkey.example.com
Security Benefit: Helps prevent spoofing and phishing by confirming domain authenticity and message integrity.
Structure: Contains structured tags, including:
- v=DKIM1 (version)
- p= (public key value)
Part of a Broader Authentication Framework: Works alongside SPF and DMARC to strengthen domain reputation and improve email deliverability.
How DKIM Verification Works
- Signing: The sending mail server signs the message using a private key.
- Publishing: The matching public key is published in DNS.
- Verification: The receiving server retrieves the public key from DNS and validates the signature.
If the signature is successfully verified, the message is authenticated as originating from the claimed domain and unchanged in transit, which improves the email's chances of being delivered to the inbox.
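The following Python sketch is an added example, not code from the original page. It shows how a verifier could build the DNS name from a selector and parse the TXT record's tags before using the key. It goes beyond the v= and p= tags listed above by applying RFC 6376 rules for the k= default, duplicate tags and an empty p= (revoked key). The function names and the sample record are assumptions constructed for illustration.

```python
import base64
import binascii

def dkim_record_name(selector: str, domain: str) -> str:
    """DNS name a verifier queries for the key: selector._domainkey.domain."""
    return f"{selector}._domainkey.{domain}"

def _invalid(reason: str) -> dict:
    return {"status": "invalid", "reason": reason}

def parse_dkim_key_record(txt: str) -> dict:
    """Parse a DKIM key TXT record and classify it as ok, revoked or invalid."""
    tags, order = {}, []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name:
            return _invalid(f"malformed tag {part.strip()!r}")
        if name in tags:
            return _invalid(f"duplicate tag {name!r}")  # whole record is invalid
        # Long keys are folded across TXT strings, so drop whitespace inside values.
        tags[name] = "".join(value.split())
        order.append(name)
    if "v" in tags and (tags["v"] != "DKIM1" or order[0] != "v"):
        return _invalid("v= must be DKIM1 and must be the first tag")
    if "p" not in tags:
        return _invalid("required p= tag is missing")
    if tags["p"] == "":
        return {"status": "revoked", "reason": "empty p= means the key was revoked"}
    try:
        key = base64.b64decode(tags["p"], validate=True)
    except (binascii.Error, ValueError):
        return _invalid("p= is not valid base64")
    # k= is optional; RFC 6376 defaults the key type to rsa.
    return {"status": "ok", "key_type": tags.get("k", "rsa"),
            "key_bytes": len(key), "tags": tags}

# Constructed sample: the p= value encodes placeholder bytes, not a real key.
SAMPLE_KEY = b"constructed placeholder, not a real key"
SAMPLE_P = base64.b64encode(SAMPLE_KEY).decode()
SAMPLE_TXT = f"v=DKIM1; k=rsa; p={SAMPLE_P[:20]} {SAMPLE_P[20:]}"

if __name__ == "__main__":
    print(dkim_record_name("selector", "example.com"))
    print(parse_dkim_key_record(SAMPLE_TXT)["status"])
    print(parse_dkim_key_record("v=DKIM1; p=")["status"])
```

A record classified as revoked or invalid should cause signature verification to fail rather than fall back to another key.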