DKIM

30th December 2020 | Cybrary DKIM


dkim cybrary

DKIM (DomainKeys Identified Mail) is an email authentication tool that verifies messages are sent from a legitimate user’s email address. It’s designed to prevent email forgery and spoofing; essentially phishing. DKIM works by attaching a digital signature to the header of an email message. The header is generated by the sender’s email domain with each domain owning its own unique header. The receiving mail system analyzes the header against a public key stored in the sending server’s DNS record to confirm the authenticity of the message. Authentic messages are accepted while others are rejected.

Source: TechTerms, SparkPost

Additional Reading: Setting Up DMARC and DKIM – CyberHoot

Related Terms: DMARC, DNS, Phishing

What does this mean for an SMB?

SMBs should have DMARC and DKIM set and enabled (alongside SPF records) to help avoid malware and phishing attacks from landing in user inboxes.  When all three are setup, you protect not only your own users, but your client’s users from fake messages sent from your domain as well.  You are helping to protect your clients from impersonation attacks claiming to be you! Here are some additional actions you can take to improve your security program and reduce the chances of becoming a victim:

  1. Setup SPF, DKIM, and DMARC records to block the receipt of emails masquerading as your domain name.
  2. Train your employees on how to spot, avoid, and delete phishing attacks.
  3. Test your employees with Phish Testing attacks; re-train those that fail your tests.
  4. Purchase and train your employees on how to use a Password Manager. If you visit a phishing website and try to enter your password credentials using a Password Manager, you will NOT be able to.

To learn more about DKIM and DMARC, watch this short video:

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!


Sign Up Today!

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

The Ransomware an AI Model Built Without Trying

The Ransomware an AI Model Built Without Trying

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...

Read more
CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...

Read more
Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...

Read more