DKIM allows the receiver of an email message to check if that message was authorized and sent by the sender responsible for the domain.
- The sender installs a private key on their mail servers and uses it to sign each outgoing message.
- The receiving server looks up the public key stored in the TXT record at `dkimselector._domainkey.domain.com` and uses it to validate the signature made with the sender's private key.
Suppose we are using SendGrid to send emails on behalf of a customer. We can call the SendGrid API to generate a public/private key pair for the customer's domain. The private key is used to sign the email, and the resulting signature is sent along with the email. The public key is displayed to the sender, who then has to add it as a TXT record. Authenticity is established using asymmetric encryption, also known as public-key cryptography.
Sender Policy Framework (SPF) is a way for a domain to list all the servers it sends email from. It tells ISPs which IPs are authorized to send on the domain's behalf.