
DomainKeys Identified Mail (DKIM)


Internet standard. A domain-based email authentication protocol that helps ISPs better identify legitimate email senders. RFC 6376 defined this standard, and RFC 8301, RFC 8463, RFC 8553, and RFC 8616 updated it.

The DomainKeys Identified Mail (DKIM) process includes two components: a DKIM record stored in your DNS records and a DKIM-Signature metadata entry in your email message headers.

To verify the authenticity of an email message, DKIM adds the DKIM-Signature to the header of every email message you send. This signature includes two key components:

  • Instructions on how to generate the digital fingerprint for this email message
  • A copy of the digital fingerprint encrypted with public-key cryptography

The instructions explain to the receiving server where it can find the public key and what settings to use to re-create the digital fingerprint. Having retrieved the key, the receiving server can compare a decrypted version of the fingerprint in the signature to its recreation based on the instructions. If they match, the receiving server considers the email message valid and sends it on to the recipient's inbox.
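The receiving-side steps described above, as an added example (not Twilio's code): it parses a DKIM-Signature value, derives the DNS name where the public key record is published, and re-creates the body hash using the RFC 6376 canonicalization rules. The header, the domain `example.com` and the selector `s1` are constructed sample values; the `b=` signature over the headers and the optional `l=` tag are not checked here.

```python
import base64
import hashlib
import re

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 sec. 3.2)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def canonicalize_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, 'simple' or 'relaxed' (RFC 6376 sec. 3.4.3/3.4.4)."""
    lines = body.split(b"\r\n")
    if lines[-1] == b"":
        lines.pop()                      # nothing follows the final CRLF
    if mode == "relaxed":                # collapse WSP runs, drop trailing WSP
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":    # ignore empty lines at end of body
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    return out or (b"\r\n" if mode == "simple" else b"")

def check_body_hash(header_value: str, body: bytes) -> dict:
    """Return the key lookup name and whether the bh= tag matches the body."""
    tags = parse_tags(header_value)
    if tags["a"].rpartition("-")[2] != "sha256":
        raise ValueError("only SHA-256 body hashes are handled in this example")
    c = tags.get("c", "simple/simple")   # format is header/body; body defaults to simple
    mode = c.split("/")[1] if "/" in c else "simple"
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    claimed = re.sub(r"\s+", "", tags["bh"])   # bh= may be folded across lines
    return {
        "key_record": f"{tags['s']}._domainkey.{tags['d']}",   # TXT record to query
        "body_hash_ok": base64.b64encode(digest).decode() == claimed,
    }

# Constructed sample: bh= is the RFC 6376 SHA-256 value for an empty body (simple).
SAMPLE = (
    "v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=s1; h=from:to:subject; "
    "bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=; b=PLACEHOLDER"
)

if __name__ == "__main__":
    print(check_body_hash(SAMPLE, b"\r\n\r\n"))   # trailing blank lines are ignored
    print(check_body_hash(SAMPLE, b"Hi\r\n"))     # altered body: hash mismatch
```

A matching body hash is only the first half of verification: the receiver must still check the `b=` signature over the listed headers with the public key from the `key_record` TXT record.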

By giving receiving servers a cryptographic way to validate the sender, the DKIM signature prevents bad actors from impersonating a legitimate domain.

While Twilio turns on DKIM for all email on all IP addresses, you must configure domain authentication first.