DomainKeys Identified Mail (DKIM) is an authentication framework that allows verification of the source and contents of messages by Mail Transfer Agents (MTAs) or Mail User Agents (MUAs). With DKIM, a signer can cryptographically sign an email message for a domain, claiming responsibility for its authenticity. The recipient verifies the signature by querying the signing domain for the public key to confirm that the signature was encrypted by the appropriate private key. DKIM-Signatures are generated by code which the signer adds to the appropriate agent.
The DKIM-Signature is a header field that contains all of the signature and key-fetching data. This field contains tags with specific details about the email message, such as the signing domain where the verifier can find the public key (“d”), the specific header fields as of signing (“h”), or the number of octets in the body of the message (“l”). These tags protect the integrity of the email message, proving that it is from a legitimate source and that its contents have not been tampered with. Thus DKIM protects a domain from being spoofed for the proliferation of spam or in a phishing attempt, as well as from data tampering in an MITM attack.
A DKIM-Signature looks like:
DKIM-Signature: v=1; a=rsa-sha1; q=dns; d=example.com; i=user@eng.example.com; s=jun2005.eng; c=relaxed/simple; t=1117574938; x=1118006938; h=from:to:subject:date; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSb av+yuU4zGeeruD00lszZVoG4ZHRNiYzR