The DKIM signature (Domain Keys Identified Mail) is an Internet standard that is almost universally supported by major email providers and anti-spam systems.
The DKIM encryption authentication method validates that the email is authorized by the the domain owner of the sending domain by adding a digital signature to the email
This signature is based on an asymmetric cryptography:
- The signee (in this case, Dialog Insight) has the private part of the key, which is used to sign emails.
- The public part of the key is indicated in the DNS of the domain for which the emails are signed.
When receiving an email, the mail server that finds a signature will look in the DNS servers to retrieve the public key and use it to validate the signature.
When the signature is validated, it indicates 2 things:
- That the email has been signed by a server (Dialog Insight) that has the private key. It is therefore authorized to be signed by the server owner (your company) since the existence of the public key in your DNS indicates that you have accepted that we sign on your behalf;
- That the email was not changed while in transit. If it had been changed, the signature would no longer be valid.
The DKIM signature works as follows:
- A public key of several alphanumeric characters is inserted in the configurations of your domain.
- Dialog Insight has the private key. The domain that receives the email comes from our servers, but since we have the private key, the email that comes from Dialog Insight is authenticated.
A DKIM public key looks like this:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCA"
To set up DKIM signatures for your domains, you must do the following:
- Take note of all the domains that will be used as sender addresses in your emails (for example: “yourcompany.com” and “service.yourcompany.com”).
- Send our support team a request to obtain DKIM signatures, along with the list of all your domains.
- Create the DNS entries that will be provided by our team in your domains, and advise us when they are created.
Our team will validate the DNS entries and enable the DKIM signatures for the domains you have provided for your account.
For more information on DKIM: http://www.dkim.org/