Glossary

DKIM Signature Header

A DKIM signature is a cryptographic hash of the body and selected headers, signed with the sender’s private key. It appears in the DKIM-Signature header. Receivers verify using the public key at selector._domainkey.domain.

What breaks verification

Key rotation without DNS update, mailing lists that mutate content, or truncated DNS keys.

FAQ

What is d= in DKIM-Signature?

The signing domain — must align with From for DMARC (relaxed or strict).

What is s=?

The selector — points to DNS TXT at s._domainkey.d.

Can one message have multiple DKIM signatures?

Yes — common when multiple systems touch the message.

← All terms