Also known as: DomainKeys Identified Mail
An email-authentication standard that adds a cryptographic signature proving a message was not altered in transit.
DKIM (DomainKeys Identified Mail) attaches a cryptographic signature to every message you send, using a private key. The receiving server looks up your public key in DNS and verifies the signature — proving the mail genuinely came from your domain and was not tampered with along the way.
Unlike SPF, DKIM survives forwarding, because the signature travels with the message rather than depending on the connecting server. Together, SPF and DKIM give receivers two independent ways to trust your mail.
DKIM is also the foundation for DMARC alignment, which ties the authenticated domain to the visible "From" address recipients actually see.
An email-authentication standard that lets a domain list which servers are allowed to send mail on its behalf.
A policy standard that builds on SPF and DKIM to tell receivers what to do with mail that fails authentication.
The ability of your email to actually reach recipients' inboxes rather than being blocked or filtered to spam.
See it in action
Check any address against BounceShift's multi-layer engine — syntax, MX, disposable, and role checks free, with full SMTP verification on signup.