DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) are both used for email authentication.
How Does it Work?
DKIM is a method of email authentication that is used to identify whether an email sender's address is forged; forged email addresses are a common technique used in phishing and email scams. DKIM is used to verify that an email claiming to come from a legitimate domain is authorized by the actual owner of that domain. This verification is accomplished by attaching a digital signature (linked to a domain name) to every outgoing email; the recipient's email system can then verify the validity of the email and sender by looking up the sender's public key, which is published in DNS.
A digital signature ensures that the email (including attachments) has not been modified in transit. These signatures are usually not visible to end users; they are attached by the email system infrastructure rather than by the sender or recipient of an email. DKIM is compatible with SPF, and the two can be used together for email authentication.
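To make the DKIM mechanics concrete, the following added example (not code from the original article) shows the receiver-side steps that run before the RSA signature check: parsing the DKIM-Signature header tags, canonicalizing the message body per RFC 6376 ("simple" or "relaxed"), recomputing the body hash (`bh=`) and building the DNS name (`selector._domainkey.domain`) from which the public key would be fetched. The message and header below are constructed for this example; the `b=` value is a placeholder because verifying it would need the signer's real public key from DNS, which this offline example does not fetch.

```python
import base64
import hashlib
import hmac
import re


def canonicalize_body(body: str, mode: str = "simple") -> bytes:
    """Apply RFC 6376 body canonicalization and return the bytes that get hashed.

    simple : drop trailing empty lines, then terminate the body with a single CRLF
    relaxed: additionally strip trailing whitespace and collapse runs of WSP to one
             space on every line; an empty body stays empty (no CRLF is added)
    """
    lines = body.replace("\r\n", "\n").split("\n")
    if mode == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t")) for line in lines]
    while lines and lines[-1] == "":          # ignore empty lines at end of body
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return ("\r\n".join(lines) + "\r\n").encode("utf-8")  # assumes UTF-8 body text


def parse_dkim_tags(header_value: str) -> dict:
    """Split 'tag=value; tag=value' into a dict, dropping folding whitespace."""
    tags = {}
    for field in header_value.split(";"):
        if "=" not in field:
            continue
        name, value = field.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)  # FWS inside values is ignored
    return tags


def body_hash(body: str, canon: str = "simple", algo: str = "rsa-sha256") -> str:
    """Base64 body hash as it appears in the bh= tag (sha1 only for legacy a= values)."""
    hasher = hashlib.sha1 if algo.endswith("sha1") else hashlib.sha256
    return base64.b64encode(hasher(canonicalize_body(body, canon)).digest()).decode()


def public_key_dns_name(tags: dict) -> str:
    """Name of the TXT record holding the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def check_body_hash(header_value: str, body: str) -> bool:
    """True if the bh= tag matches the body as received (first step of DKIM verify)."""
    tags = parse_dkim_tags(header_value)
    canon_parts = tags.get("c", "simple/simple").split("/")
    body_canon = canon_parts[1] if len(canon_parts) > 1 else "simple"  # "c=relaxed" means relaxed/simple
    expected = body_hash(body, body_canon, tags.get("a", "rsa-sha256"))
    return hmac.compare_digest(expected, tags.get("bh", ""))


# Constructed sample message: trailing blank lines and trailing spaces are
# deliberate, since canonicalization is what makes them irrelevant to the hash.
SAMPLE_BODY = "Hello, world!\r\nThis is a constructed test body.  \r\n\r\n\r\n"
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel2024;\r\n"
    "\th=from:to:subject:date; bh=" + body_hash(SAMPLE_BODY, "simple") + ";\r\n"
    "\tb=PLACEHOLDERnotVerifiedHere"  # hypothetical value; real b= is an RSA signature
)

if __name__ == "__main__":
    tags = parse_dkim_tags(SAMPLE_HEADER)
    print("fetch public key from TXT:", public_key_dns_name(tags))
    print("body hash intact:", check_body_hash(SAMPLE_HEADER, SAMPLE_BODY))
    print("body hash after tampering:",
          check_body_hash(SAMPLE_HEADER, SAMPLE_BODY.replace("Hello", "Hullo")))
```

A full verifier would next canonicalize the headers listed in `h=`, append the DKIM-Signature header itself with an empty `b=`, and check the RSA signature against the key fetched from the DNS name above; the body hash step shown here is what catches modified or appended content.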
SPF is a method of email authentication that is applied during the delivery of an email to identify whether the sender address has been forged. Unlike DKIM, SPF only detects a forged sender address when an email bounces; for more information on email bounces, see the Emails Overview article.
SPF allows the receiving mail server to check, during delivery, whether an email claiming to come from a specific domain was submitted by an IP address that the domain's administrators have authorized. The check compares the IP address that submitted the email against the list of authorized addresses published in the domain's DNS (TXT) records.
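The following added example (not code from the original article) evaluates an SPF record the way a receiving server does: it takes the connecting IP address and the domain of the envelope sender (the MAIL FROM / return-path address, i.e. the address bounces go to), fetches that domain's `v=spf1` TXT record and walks the mechanisms in order. It goes slightly beyond the paragraph by also handling `include:` and `a` mechanisms and the RFC 7208 limit of 10 DNS-querying terms, which is what stops a looping or oversized record from turning the check into a resource-exhaustion problem. The DNS data is a constructed in-memory table (the `.example` domains are not real records) so that it runs offline; `mx`, `exists`, `ptr`, the `redirect=` modifier and CIDR suffixes on `a` are not implemented.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (not real records).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example a -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",   # self-referencing record
}
DNS_A = {"example.com": ["203.0.113.5"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10   # RFC 7208 section 4.6.4


class SpfError(Exception):
    """Raised for conditions that RFC 7208 classifies as permerror."""


def _count_lookup(counter: list) -> None:
    counter[0] += 1
    if counter[0] > MAX_DNS_LOOKUPS:
        raise SpfError("permerror: more than %d DNS lookups" % MAX_DNS_LOOKUPS)


def check_spf(ip: str, domain: str, counter: list = None) -> str:
    """Evaluate the SPF record of `domain` for connecting address `ip`.

    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none' (no record);
    raises SpfError for permerror conditions.
    """
    if counter is None:
        counter = [0]                       # shared across include: recursion
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:         # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            _count_lookup(counter)
            sub = check_spf(ip, arg, counter)
            if sub == "pass":
                matched = True
            elif sub in ("fail", "softfail", "neutral"):
                matched = False
            else:                           # included domain has no SPF record
                raise SpfError("permerror: include:%s has no SPF record" % arg)
        elif name == "a":
            _count_lookup(counter)
            target = arg or domain
            matched = any(addr == ipaddress.ip_address(a) for a in DNS_A.get(target, []))
        else:
            raise SpfError("permerror: unsupported mechanism %r" % name)
        if matched:
            return QUALIFIERS[qualifier]    # first matching mechanism decides
    return "neutral"                        # nothing matched and no "all" term


def check_spf_result(ip: str, domain: str) -> str:
    """Same as check_spf but reports permerror as a result string."""
    try:
        return check_spf(ip, domain)
    except SpfError:
        return "permerror"


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8:1::1", "203.0.113.5", "203.0.113.9"):
        print(ip, "->", check_spf_result(ip, "example.com"))
    print("loop.example ->", check_spf_result("192.0.2.1", "loop.example"))
```

A receiver typically maps `fail` to a reject or quarantine, `softfail` to a spam-score adjustment and `none` or `neutral` to "no information"; a `permerror` caused by a malformed or over-long record is worth alerting on from the sending side, since it silently removes the protection the record was meant to give.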