The DKIM signature (Domain Keys Identified Mail) is a standard almost universally supported by major email providers and anti-spam systems.
The DKIM encryption authentication method validates that the email is authorized by the domain owner of the sending domain by adding a digital signature to the email.
This signature is based on asymmetric cryptography:
- The signee (in this case, Dialog Insight) has the private part of the key, which is used to sign emails.
- The public part of the key is indicated in the domain's DNS for which the emails are signed.
When receiving an email, the mail server that finds a signature will look in the DNS servers to retrieve the public key and use it to validate the signature.
When the signature is validated, it indicates 2 things:
- That the email has been signed by a server (Dialog Insight) that has the private key. It is therefore authorized to be signed by the server owner (your company) since the existence of the public key in your DNS indicates that you have accepted that we sign on your behalf;
- That the email was not changed while in transit. If it had been changed, the signature would no longer be valid.
The DKIM signature works as follows:
- A public key of several alphanumeric characters is inserted in the configurations of your domain.
- Dialog Insight has the private key. The domain that receives the email comes from our servers, but since we have the private key, the email coming from Dialog Insight is authenticated.
For more information on DKIM: http://www.dkim.org/