DKIM Email Authentication


Table of Contents

What is DKIM Email Authentication 

Email authentication is a way to say, "This email is from Pinpointe's servers, but it's being sent on behalf of me, so you can trust it." It basically prevents your email from looking spoofed (like a forgery).  DKIM is the e-mail authentication standard developed by the Internet Engineering Task Force to address one of the Internet's biggest threats: e-mail fraud.  As much as 80% of e-mail from leading brands, banks and ISPs is spoofed, at least according to the Online Trust Alliance (

DKIM was an important first step in rebuilding consumer confidence in e-mail, because DKIM makes it hard (i.e., almost impossible) for evil, fraudulent spammers to send emails where they pretend to be someone else – like your bank – asking you to update your account information. As of early 2013 – virtually every ISP that hosts email inboxes (,, etc) uses DKIM and monitors sender reputation based on your 'DKIM identity'. Virtually all email providers, including Pinpointe of course, also use DKIM to ensure that your permission-based email campaigns aren't blocked.

Email protocols (like SMTP) do not include authentication support, so a recipient of a message has no confidence that the message they are receiving is from whom it claims to be from. DKIM is a way to permit a receiver of a message to validate that a message is, in fact, from whom it claims to be from. DKIM, which stands for "Domain Keys Identified Mail", lets an organization insert a cryptographic signature on outbound e-mail and associate that signature with its domain name. The signature travels with the e-mail regardless of its path across the Internet. The recipient of the e-mail can use the signature to validate that the message came from the organization's domain name. (If you're a Pinpointe customer – you don't have to worry – by default we use DKIM signing for all of your emails). DKIM won't eliminate e-mail fraud altogether, but it will help companies that are targets of phishing scams to give their customers a way of ensuring they sent a particular message.

DKIM is a merger of two protocols: DomainKeys, which was created by Yahoo, and Identified Internet Mail, which was created by Cisco. These companies along with other ESP's and ISPs work with the IETF's DKIM working group on technical specifications.  DKIM development started in 2004 and as mentioned- is now universally supported.  

Now that the standards are complete and compliant products are readily available, many enterprises will implement DKIM in their email systems in 2009. In order to ensure your emails are not blocked by these domains, you'll want to ensure your emails are being sent with DKIM enabled. If you want to learn more, we cover authentication and authorization (DKIM and SPF) in our recent Webinar: Email Marketing 201: Advanced Email Delivery Topics

The Next Standard: DMARC

You'll start to hear more about a new and complimentary authentication / authorization method called DMARC.  DMARC aims to combine the benefits of SPF and DKIM.  We'll explain DMARC in an upcoming entry.



He does not need any intro. Your know that he will only edit blog posts when it's needed.