You might be aware that one of the biggest email scams is spoofing, the act of pretending to be someone you’re not in order to steal personal information from the victim. One major tool we have to defend ourselves against spoofing is DKIM. Let’s explore what it is.
DKIM stands for DomainKeys Identified Mail. It is an email authentication method that was created to identify fake email addresses by allowing the receiver to confirm that an email comes from the domain it claims to come from. DKIM accomplishes this by attaching a digital signature to outgoing emails; the receiver can then look up the sender’s public key in the DNS (Domain Name System) and use it to verify the signature.
While not perfect, DKIM can be effective in identifying potential phishing attacks, so they can be stopped before they happen.
If you’re wondering why you don’t see these digital signatures, that’s because you’re not supposed to. DKIM is handled by the mail services, and is usually not user-facing.
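What the receiving mail service does with that signature, as an added example (not code from this article or from any mail product): it parses the `DKIM-Signature` header, derives the DNS name where the sender's public key is published, and recomputes the body hash. The header, body, `example.com` and `selector1` are constructed sample values, and the final public-key check of the `b=` signature is left out.

```python
import base64
import hashlib
import re

def parse_dkim_tags(header_value):
    """Parse the tag=value list of a DKIM-Signature header (RFC 6376, section 3.2)."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            # Simplification: drop all folding whitespace inside values (bh=, b=, h=).
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def key_record_name(tags):
    """DNS name of the TXT record holding the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def canonicalize_body(body, mode):
    """Body canonicalization, 'simple' or 'relaxed' (RFC 6376, section 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of spaces/tabs to one space, then drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored in both modes
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash_ok(tags, body):
    """Recompute the body hash and compare it with the signed bh= tag."""
    if tags.get("a") not in ("rsa-sha256", "ed25519-sha256"):
        return False  # rsa-sha1 is rejected here (deprecated by RFC 8301)
    parts = tags.get("c", "simple/simple").split("/")
    body_mode = parts[1] if len(parts) > 1 else "simple"
    digest = hashlib.sha256(canonicalize_body(body, body_mode)).digest()
    return base64.b64encode(digest).decode() == tags.get("bh")

# Constructed sample, not a real message: the "sender" computes bh= over the body.
SAMPLE_BODY = b"Hi Bob,\r\n\r\nYour  invoice is attached. \r\n\r\n"
_bh = base64.b64encode(hashlib.sha256(canonicalize_body(SAMPLE_BODY, "relaxed")).digest()).decode()
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1;\r\n"
    f"\th=from:to:subject; bh={_bh};\r\n\tb=PLACEHOLDER"  # b= is not checked here
)
```

A body changed in transit fails `body_hash_ok`, while whitespace-only differences that relaxed canonicalization ignores still pass.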