DKIM (DomainKeys Identified Mail) is an email authentication tool that verifies messages are sent from a legitimate user’s email address. It’s designed to prevent email forgery and spoofing; essentially phishing. DKIM works by attaching a digital signature to the header of an email message. The header is generated by the sender’s email domain with each domain owning its own unique header. The receiving mail system analyzes the header against a public key stored in the sending server’s DNS record to confirm the authenticity of the message. Authentic messages are accepted while others are rejected.
Additional Reading: Setting Up DMARC and DKIM – CyberHoot