Let’s simplify this down by looking at DKIM records as a Lock and a Key. A DKIM signature in your email header is essentially the “lock” and your DKIM record acts as the key. Your DKIM record is a published string of characters in your domain’s DNS records. These can only be added by your domain administrator (click here for more information on DNS Management).
When an inbound mail server receives a message, it will detect the DKIM signature (aka padlock) and look up the sender’s public DKIM key via their DNS. The variable or DKIM selector provided in the DKIM signature is used to determine where to look for this key. If the key is found, it can be used to decrypt the DKIM signature. This is then compared to the values retrieved from the received mail. If they match, the DKIM is valid, if not then this is either rejected or filtered (depending on the rules of the receiving server).
The “other standards” often covered within the same context as DKIM are SPF and DMARC records. All these standards contribute towards different aspects of email authentication and address complementary issues:
If you are a business sending commercial or transactional email, you definitely need to implement at least one or more forms of email authentication to verify that an email is actually from you or your business. In most instances an SPF record will be more than sufficient however properly configuring email authentication standards is one of the most important steps you can take to improve your deliverability. If your business works in the financial sector you may find more instances where emails are rejected if they do not have a more “complete” email authentication policy. Where websites are involved where ensuring customers receive important automated correspondence then transactional mail is an important add-on which provides the next level of deliverability options.
Something the article peaked your interest? We’re never more than a contact form or a quick call away so please don’t hesitate to get in touch!