For questions-questions

What is DKIM?

23.02.2024

Picture of a beautifully tidy garden

DKIM is an Internet technology that is designed to make e-mail communication more secure. more credible by showing whether emails really come from the person they appear to come from and that the content of the email has not been changed "on the way".

DKIM is the equivalent of the letter seal

Imagine you are sending an important letter and want to make sure that it is

  1. arrives safely, and
  2. that the recipient knows that the letter really comes from you and that nobody has altered the contents en route. The postal seal was and still is used for this purpose.

DKIM is like a invisible Letter seal for your e-mails.

This seal should prove two things:

  1. The e-mail arrives really from the specified sender. Just as a seal on an envelope shows that the letter originates from a specific person or company, DKIM confirms that the email actually comes from the domain (i.e. the Internet address) stated in the sender's name.
  2. The content of the e-mail has not been changed "en route". If you receive a sealed letter in which the seal has been broken, this is sure to raise the alarm. You probably wouldn't trust the content 100% and would contact the sender. DKIM is supposed to work in a similar way by ensuring that the content of the email is exactly as the sender sent it, without anyone adding, removing or changing anything along the way.

A slight diversions: What does "on the move" mean and what does e-mail manipulation mean?

Emails are forwarded via a number of servers before they reach their destination. The starting point is the sender's server and the destination is your Internet provider's server. In between, there may be many other servers where your e-mail is forwarded. In the real world, you could say a postal distribution centre. Or an intermediate stop on the Pony Express. Each of these servers is a point at which the email could theoretically be accessed and its content manipulated - be it by adding, removing or changing text or attachments. Such manipulation could be for malicious reasons, such as:

  • Adding malware or phishing links: An attacker inserts harmful content, e.g. on pages where your computer is infected with malware, into an otherwise legitimate email in order to deceive or harm the recipient.
  • Change in the message: Information within the e-mail could be changed to harm the recipient or the sender. For example, in the case of offers or important data.
  • Remove important content: Sometimes the omission is bad enough. Certain information could be removed from the email to cause damage.

But back to DKIM:

How does DKIM work technically?

  1. When an e-mail is sent, the Server of the sender a DKIM signature.
  2. When the e-mail reaches the recipient, the Server of the recipient the key using the public key stored on the sender's server.
  3. If everything matches, the 🎉partied like crazy 🥳 is finally allowed to read the latest offers for cat litter or our newsletter.
  4. If not, the recipient's server decides what to do with it. Google (i.e. Gmail), for example, has recently started sending the mail back with the comment:

This mail has been blocked because the sender is unauthenticated. Gmail requires all senders to authenticate with either SPF or DKIM.

Always at your service, your humble friend Gmail

If this has happened to you, you should check with your e-mail provider. By the way: In our maintenance packages, we also pay attention to such "little things".

What does a DKIM signature look like?

This signature is essentially a series of letters and numbers created with a special private key that only the sender knows. When the email reaches its recipient, the recipient's server can then decrypt it with a public key that is included in the DNS settings of the sender check whether the signature is valid. If everything matches, it is clear that the e-mail is authentic and has not been manipulated.

When does DKIM have no effect?

The moment the sender's email account has been hacked, DKIM is ineffective. This is because both the sender and the content are credible, but a completely different person or a bot is now writing the content of the email. In the real world, it would be as if someone had been hacked under Hypnosis or drugs 😵‍💫 or forced to write a false letter with mostly damaging information. Even a letter seal is powerless against this.