DomainKeys Identified Mail (DKIM) is a signature-based email authentication technique that lets a receiver check whether a message was sent, or at least authorised, by the owner of the domain that signed it. It allows an organisation to take responsibility for a message sent under its domain name by attaching a cryptographic signature to it. DKIM is published as an IETF Standards Track document, RFC 6376.
The need for validated sender identification arises because forged addresses and content are otherwise easy to create and are widely used in spam, phishing and other email-based fraud. For example, a fraudster may send a message claiming to be from firstname.lastname@example.org to persuade the recipient to accept and read it, and the recipient has no reliable way to decide whether to trust it. System administrators also have to deal with complaints about malicious email that appears to have originated from their systems but did not.
DKIM lets the signer (the author's organisation) indicate which mail it considers legitimate by signing it, and it defines the procedure a receiver uses to verify that signature. Verification modules typically act on behalf of the receiving organisation, possibly at each hop. DKIM does not by itself prevent or expose abusive behaviour: a valid signature says only that the signing domain took responsibility for the message, not that the message is benign, and it is up to the receiver to decide how much trust to place in that domain.
DKIM involves two actions. The first takes place on the sending server, which signs outgoing mail; the second on the receiving server, which checks the signature on incoming mail. Both rely on a public/private key pair. The private key is kept secret, either on the sending server or with the email service provider that sends mail on the domain's behalf, and the public key is published as a DNS TXT record under the domain (at selector._domainkey.domain, where the selector named in the signature lets a domain publish several keys and rotate them) so that any receiver can fetch it and verify the signature. The signature covers a hash of the message body and a chosen set of header fields, so changing either after signing breaks verification.
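The two actions described above, as an added example that is not part of the original page and not the code of any mail server: a self-contained Go program using only the standard library that signs a message with rsa-sha256 and relaxed canonicalisation, builds the TXT record the signing domain would publish in DNS, and then performs the receiver-side check, including the case where the body has been tampered with in transit. The domain example.com, the selector sel2024, the sample message and all function names are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

var wsp = regexp.MustCompile(`[ \t]+`)

// relaxedBody: "relaxed" body canonicalisation (RFC 6376 s3.4.4): collapse whitespace runs, strip trailing whitespace per line, drop trailing empty lines, end with CRLF.
func relaxedBody(body string) string {
	b := wsp.ReplaceAllString(strings.ReplaceAll(body, "\r\n", "\n"), " ")
	b = strings.TrimRight(regexp.MustCompile(` (\n|$)`).ReplaceAllString(b, "$1"), "\n")
	b = regexp.MustCompile(`(.)$`).ReplaceAllString(b, "${1}\n") // one final newline; "" stays ""
	return strings.ReplaceAll(b, "\n", "\r\n")
}

// relaxedHeader: "relaxed" header canonicalisation (s3.4.2): lower-case name, unfold, collapse, trim.
func relaxedHeader(name, value string) string {
	v := wsp.ReplaceAllString(strings.ReplaceAll(value, "\r\n", ""), " ") // unfold, then collapse
	return strings.ToLower(name) + ":" + strings.TrimSpace(v) + "\r\n"
}

// headerHash hashes the h= headers (each taken from the bottom of the header block upward) and then the DKIM-Signature header itself with an empty b= tag and no trailing CRLF (s3.7).
func headerHash(hdrs [][2]string, signed []string, sigValue string) []byte {
	h := sha256.New()
	for _, name := range signed {
		for i := len(hdrs) - 1; i >= 0; i-- {
			if strings.EqualFold(hdrs[i][0], name) {
				h.Write([]byte(relaxedHeader(name, hdrs[i][1])))
				break
			}
		}
	}
	h.Write([]byte(strings.TrimSuffix(relaxedHeader("DKIM-Signature", sigValue), "\r\n")))
	return h.Sum(nil)
}

// Sign is the sending-side action: it returns the value of the DKIM-Signature header.
func Sign(hdrs [][2]string, body, domain, selector string, signed []string, key *rsa.PrivateKey) (string, error) {
	bh := sha256.Sum256([]byte(relaxedBody(body)))
	unsigned := fmt.Sprintf("v=1; a=rsa-sha256; c=relaxed/relaxed; d=%s; s=%s; h=%s; bh=%s; b=",
		domain, selector, strings.Join(signed, ":"), base64.StdEncoding.EncodeToString(bh[:]))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, headerHash(hdrs, signed, unsigned))
	if err != nil {
		return "", err
	}
	return unsigned + base64.StdEncoding.EncodeToString(sig), nil
}

// DNSRecord is the TXT record the domain publishes at <selector>._domainkey.<domain>.
func DNSRecord(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an *rsa.PublicKey
	return "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
}

// tag extracts one value from a "k=v; k=v" tag list; base64 padding '=' stays intact.
func tag(list, name string) string {
	if m := regexp.MustCompile(`(^|;)\s*`+name+`=([^;]*)`).FindStringSubmatch(list); m != nil {
		return strings.TrimSpace(m[2])
	}
	return ""
}

// Verify is the receiving-side action; txt is the record fetched from DNS at <s>._domainkey.<d>. Core checks only: a production verifier also validates v=, a=, c=, x= (expiry) and l=.
func Verify(hdrs [][2]string, body, sigValue, txt string) error {
	bh := sha256.Sum256([]byte(relaxedBody(body)))
	if base64.StdEncoding.EncodeToString(bh[:]) != tag(sigValue, "bh") {
		return errors.New("body hash mismatch")
	}
	der, err1 := base64.StdEncoding.DecodeString(tag(txt, "p"))
	sig, err2 := base64.StdEncoding.DecodeString(tag(sigValue, "b"))
	pubAny, err3 := x509.ParsePKIXPublicKey(der)
	pub, ok := pubAny.(*rsa.PublicKey)
	if err1 != nil || err2 != nil || err3 != nil || !ok {
		return errors.New("malformed b= tag or DNS p= record")
	}
	emptyB := regexp.MustCompile(`(^|;)(\s*)b=[^;]*`).ReplaceAllString(sigValue, "${1}${2}b=")
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, headerHash(hdrs, strings.Split(tag(sigValue, "h"), ":"), emptyB), sig)
}

// Constructed sample message (not real traffic); the odd spacing exercises canonicalisation.
var sampleHdrs = [][2]string{{"From", "Alice <alice@example.com>"}, {"To", "bob@example.net"},
	{"Subject", "Quarterly   report"}, {"Date", "Mon, 1 Jan 2024 10:00:00 +0000"}}
const sampleBody = "Please find the report attached.  \r\n\r\n\r\n"

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // the private key stays with the sender
	sig, err := Sign(sampleHdrs, sampleBody, "example.com", "sel2024", []string{"From", "To", "Subject", "Date"}, key)
	txt := DNSRecord(&key.PublicKey) // what a receiver fetches from sel2024._domainkey.example.com
	fmt.Println("sign error:", err, "| original verifies:", Verify(sampleHdrs, sampleBody, sig, txt))
	fmt.Println("tampered verifies:", Verify(sampleHdrs, "Pay invoice to account 1234.\r\n", sig, txt))
}
```

Run it with go run: the original message verifies (nil error) while the altered body fails with a body hash mismatch before any RSA work is done. Two points worth noticing: relaxed canonicalisation means whitespace-only changes made by intermediate mail servers still verify, while any change to a header listed in h= or to the body text does not; and the verifier here trusts whatever TXT record it is handed, so in practice the DNS lookup itself, key length, signature expiry and the alignment of d= with the From domain (which DMARC adds on top of DKIM) all need checking as well.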