DKIM (DomainKeys Identified Mail) is an email authentication method that lets a domain take cryptographic responsibility for the messages it sends, helping protect both recipients and legitimate sending domains against forged and phishing email.
DKIM uses public-key cryptography to sign email as it leaves the sending server. The sending Mail Transfer Agent (MTA) first puts the message into a canonical form, then computes a hash over the message body and over a chosen set of header fields (typically From, To, Subject, Date and a few others), and signs that hash with the domain's private key. The result is added to the message as a DKIM-Signature header field, which also records the signing domain (d=), the key selector (s=), the list of signed headers (h=) and the body hash (bh=); the signature itself is the b= value.
The private key never leaves the sender. The matching public key is published by the signing domain in a DNS TXT record at <selector>._domainkey.<domain>. A receiving server reads d= and s= from the header, fetches that key, recomputes the body hash and the hash over the signed headers from the message as it was received, and checks the signature against them. If the recomputed body hash equals bh= and the signature verifies under the public key, the message passes DKIM: it was signed by a key the domain controls, and the signed parts have not been altered in transit. If either check fails, the message fails DKIM.
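As an added example (not part of the original article), the following Go program walks through both sides of the exchange described above: relaxed canonicalization, the bh= body hash, the b= signature over the selected headers plus the DKIM-Signature field itself, and the receiver's verification. It uses only the Go standard library. The DNS lookup is replaced by a map, and the domain example.com, selector s1, the headers and the body are constructed sample data; the RSA key is generated at run time.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

type Header struct{ Name, Value string } // one already-unfolded RFC 5322 header field

// relaxedHeader: DKIM "relaxed" header canonicalization (lowercase name; value whitespace collapsed and trimmed).
func relaxedHeader(h Header) string {
	return strings.ToLower(h.Name) + ":" + strings.Join(strings.Fields(h.Value), " ") + "\r\n"
}

// relaxedBody: "relaxed" body canonicalization (whitespace runs collapsed, trailing whitespace and
// trailing empty lines dropped, non-empty body ends in one CRLF). Dropping leading whitespace too is a simplification.
func relaxedBody(body string) string {
	lines := strings.Split(strings.ReplaceAll(body, "\r\n", "\n"), "\n")
	for i, l := range lines {
		lines[i] = strings.Join(strings.Fields(l), " ")
	}
	if out := strings.TrimRight(strings.Join(lines, "\r\n"), "\r\n"); out != "" {
		return out + "\r\n"
	}
	return ""
}

// bodyHash is the bh= tag: base64(SHA-256(canonical body)).
func bodyHash(body string) string {
	sum := sha256.Sum256([]byte(relaxedBody(body)))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// headerHash covers the h= headers in order, then DKIM-Signature itself with b= empty and no CRLF, so b= also binds d=, s=, h= and bh=.
func headerHash(headers []Header, covered []string, unsigned string) []byte {
	canon := map[string]string{} // the last instance of a repeated header name wins, as RFC 6376 requires
	for _, hd := range headers {
		canon[strings.ToLower(hd.Name)] = relaxedHeader(hd)
	}
	h := sha256.New()
	for _, name := range covered { // a covered header absent from the message hashes as the empty string
		h.Write([]byte(canon[strings.ToLower(name)]))
	}
	h.Write([]byte(strings.TrimSuffix(relaxedHeader(Header{"DKIM-Signature", unsigned}), "\r\n")))
	return h.Sum(nil)
}

// Sign builds the DKIM-Signature header value that the sending MTA adds to the message.
func Sign(priv *rsa.PrivateKey, domain, selector string, headers []Header, covered []string, body string) (string, error) {
	unsigned := fmt.Sprintf("v=1; a=rsa-sha256; c=relaxed/relaxed; d=%s; s=%s; h=%s; bh=%s; b=",
		domain, selector, strings.Join(covered, ":"), bodyHash(body))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, headerHash(headers, covered, unsigned))
	if err != nil {
		return "", err
	}
	return unsigned + base64.StdEncoding.EncodeToString(sig), nil
}

// Verify is the receiving MTA's check; dns stands in for the TXT lookup at <s>._domainkey.<d>.
func Verify(dns map[string]*rsa.PublicKey, sigValue string, headers []Header, body string) error {
	tags := map[string]string{}
	for _, part := range strings.Split(sigValue, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(part), "="); ok {
			tags[k] = strings.Join(strings.Fields(v), "") // whitespace inside a tag value is ignored
		}
	}
	pub, ok := dns[tags["s"]+"._domainkey."+tags["d"]]
	if !ok {
		return fmt.Errorf("no key published at %s._domainkey.%s", tags["s"], tags["d"])
	}
	if bodyHash(body) != tags["bh"] {
		return fmt.Errorf("bh= mismatch: body altered in transit")
	}
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	// Rebuild the signer's input with b= emptied: Sign puts b= last and base64 never contains ';'.
	unsigned := sigValue[:strings.LastIndex(sigValue, "; b=")+4]
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, headerHash(headers, strings.Split(tags["h"], ":"), unsigned), sig) != nil {
		return fmt.Errorf("b= invalid: a covered header or a signature tag was altered")
	}
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	dns := map[string]*rsa.PublicKey{"s1._domainkey.example.com": &priv.PublicKey} // constructed stand-in for the DNS TXT record
	headers := []Header{{"From", "Alice <alice@example.com>"}, {"To", "bob@example.net"}, {"Subject", "Invoice for March"}}
	body := "Please find the invoice attached.\r\n\r\nRegards,\r\nAlice\r\n\r\n"
	sig, _ := Sign(priv, "example.com", "s1", headers, []string{"From", "To", "Subject"}, body)
	fmt.Println("as sent:       ", Verify(dns, sig, headers, body))
	fmt.Println("body edited:   ", Verify(dns, sig, headers, strings.Replace(body, "attached", "at the account below", 1)))
	edited := []Header{headers[0], headers[1], {"Subject", "URGENT: " + headers[2].Value}}
	fmt.Println("subject edited:", Verify(dns, sig, edited, body))
}
```

The two failure paths are deliberately distinct: an edited body is caught by the bh= comparison before any signature work, while an edited Subject passes bh= and is caught only by the RSA check, because Subject was listed in h=. A header not listed in h= can be changed without affecting the result, which is why signers cover the fields that matter to the reader. A production verifier additionally unfolds headers, handles several DKIM-Signature fields, honours the x= expiry tag and the flags in the published key record.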
This gives recipients reasonable assurance that the message was handled by a server holding the signing domain's private key and that the signed headers and body have not been modified since. Two caveats matter in practice. First, DKIM authenticates the d= domain in the signature, which need not be the domain shown in the visible From: address; checking that the two align is the job of DMARC, which builds on DKIM and SPF. Second, a passing signature says nothing about whether the content is malicious: an attacker can DKIM-sign mail from a domain they control, and a forwarder or mailing list that rewrites the body will break an otherwise legitimate signature.