DKIM — DomainKeys Identified Mail

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing email messages, allowing receiving servers to verify the message came from an authorized sender and was not altered in transit. This guide explains how DKIM signing works, how to publish a DKIM public key as a DNS TXT record, how to choose a selector, key rotation best practices, which headers are signed, and how to troubleshoot DKIM validation failures using header analysis.