--- title: "The Emergence of DKIM: A Cryptography-Based Email Authentication Protocol | DMARC Report" description: "Navigating through the complexities of email security and the limitations of SPF." image: "https://dmarcreport.com/og/blog/the-emergence-of-dkim-a-cryptography-based-email-authentication-protocol.png" canonical: "https://dmarcreport.com/blog/the-emergence-of-dkim-a-cryptography-based-email-authentication-protocol/" --- Quick Answer Navigating through the complexities of \[email security\](https://dmarcreport.com/blog/an-overview-of-email-security-landscape-in-2023/) and the limitations of SPF, the urgency to develop a protocol that doesn’t break on \[email forwarding\](https://en.wikipedia.org/wiki/Emailforwarding) was needed. This led to the genesis of DomainKeys Identified Mail or DKIM. Its roots date back to the early 2000s when email-based cybercrimes were escalating. This led to the initiation of a collaborative effort by a group of industry experts, including Mark Delany, Philip Hallam-Baker, and others. Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fthe-emergence-of-dkim-a-cryptography-based-email-authentication-protocol%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=The%20Emergence%20of%20DKIM%3A%20A%20Cryptography-Based%20Email%20Authentication%20Protocol&url=undefined%2Fblog%2Fthe-emergence-of-dkim-a-cryptography-based-email-authentication-protocol%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fthe-emergence-of-dkim-a-cryptography-based-email-authentication-protocol%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fthe-emergence-of-dkim-a-cryptography-based-email-authentication-protocol%2F&title=The%20Emergence%20of%20DKIM%3A%20A%20Cryptography-Based%20Email%20Authentication%20Protocol "Share on Reddit") [ ](mailto:?subject=The%20Emergence%20of%20DKIM%3A%20A%20Cryptography-Based%20Email%20Authentication%20Protocol&body=Check out this article: undefined%2Fblog%2Fthe-emergence-of-dkim-a-cryptography-based-email-authentication-protocol%2F "Share via Email") ![The Emergence of DKIM: A Cryptography-Based Email Authentication Protocol](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) ## Try Our Free DKIM Lookup Auto-discover DKIM selectors for any domain - scan 185 common selectors across all major providers. [ Discover DKIM Selectors → ](/tools/dkim-lookup/) Navigating through the complexities of [email security](https://dmarcreport.com/blog/an-overview-of-email-security-landscape-in-2023/) and the limitations of SPF, the urgency to develop a protocol that doesn’t break on [email forwarding](https://en.wikipedia.org/wiki/Email%5Fforwarding) was needed. This led to the genesis of DomainKeys Identified Mail or DKIM. Its roots date back to the early 2000s when \*\*email-based cybercrimes were escalating. _This led to the initiation of a collaborative effort by a group of industry experts, including Mark Delany, Philip Hallam-Baker, and others_. > DKIM is the authentication protocol that survives email forwarding, says Brad Slavin, General Manager of DuoCircle. When SPF fails because a forwarder’s IP isn’t in the original record, DKIM alignment is the only path to DMARC pass. That’s why we monitor DKIM alongside SPF in every DMARC Report dashboard. The three core email authentication standards - SPF ([RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208)), DKIM ([RFC 6376](https://datatracker.ietf.org/doc/html/rfc6376)), and DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) - work together to verify that an email genuinely originates from the domain it claims to represent. Since February 2024, Google and Yahoo require all three for bulk senders. Here’s a more detailed walk-through of its introduction, evolution, and present structure. ## Merger and Evolution ![Dmarc check](https://media.mailhop.org/dmarcreport/images/2023/11/dmarc-check-1138.jpg) DKIM was developed to satisfy the need to replace the old and inefficient Simple Mail Transfer Protocol; later, DKIM became an integral part of [DMARC](https://dmarcreport.com/) in coordination with SPF. The story began with the merging of Cisco’s Identified Internet Mail (IIM) in 2007, which was then a standardized [email authentication](https://dmarcreport.com/blog/spf-vs-dkim-vs-dmarc-difference-explained-2026/) method that combined the best elements of DomainKeys and Identified Internet Mail. Jim Fenton and Michael Thomas created IIM, which uses a public/private pair of [cryptographically secured keys](https://www.thesslstore.com/blog/cryptographic-keys-101-what-they-are-how-they-secure-data/) that verify an email’s authenticity. It decides if a message should be accepted or rejected based on a \*\*basic binary system concept. Yahoo’s DomainKeys was developed and introduced by Mark Delany in 2004 , and its primary version underwent improvisation by other team members. In the following years, [DKIM](https://dmarcreport.com/what-is-dkim/) got recognition, and its scope of expansion allowed it to get published as an open standard in RFC 4871, behaving as a framework for email users to digitally sign their messages so that recipients’ \*\*mail servers could verify their authenticity. ## Yahoo’s DomainKeys Yahoo’s DomainKeys was introduced to put in place a mechanism that could verify the sender’s authenticity and ensure the email body wasn’t tampered with in transit. The approach relied on \*\*rapid assessments using a binary “yes or no” method, directing emails either to the spam folder or the inbox. It’s based on signatures and originally utilized a key pair; public and [private keys](https://www.techtarget.com/searchsecurity/definition/private-key). While the process bears a resemblance to contemporary **DKIM protocols**, its execution is more intricate. _It involved two distinct procedures: one from sending servers and another from receiving servers_. DomainKeys, crafted by Yahoo!, aimed to assist organizations such as banks and e-commerce stores in countering [email spoofing](https://cybernews.com/security/scammers-exploit-office-365-to-target--executives/) and \*\*phishing attacks while safeguarding users. This initial open-standard authentication concept would later evolve into the DKIM we recognize today, thanks to collaborative efforts from industry leaders like IBM, Microsoft, VeriSign, and CISCO. ## Cisco’s Identified Internet Mail IIM by Cisco works as a medium to implement \*\*cryptographic signatures to email messages so that \*\*receiving servers \*\*can verify if the sender is actually who they are claiming to be. A receiver’s server performs the verification check by matching the digital signature. [Mail Transfer Agents (MTAs)](https://www.warmupinbox.com/post/mail-transfer-agent) or Mail User Agents (MUAs) play a vital role in the authentication process, and \*\*email administrators operate this system with their help. IIM was developed for another purpose than just filtering spoofed emails ; it allows email receivers to classify and prioritize desired emails. ![Create dmarc record](https://media.mailhop.org/dmarcreport/images/2023/11/create-dmarc-record-15.jpg) ## The Robust Duo In 2007, both Yahoo and Cisco came together with their technologies to merge them into what we know today as DKIM or Domain Keys Identified Mail protocol. Their joint efforts led to the establishment of a base for the [IETF stand](https://www.tec.gov.in/ietf)[ards](https://www.tec.gov.in/ietf) that consequently paved a path for the formation of STD 76, which is now popular as the **RFC 6376**, a document formed and published in 2011. Initially, it was challenging for DKIM to align well with different **email service providers**. However, after thorough tests and improvisations, it got along with Yahoo, Gmail, AOL, and FastMail. _During its initial phase, its strict verification mechanism ended up discarding hundreds and thousands of emails due to the absence of digital signatures_. \_In the beginning, its users altered their [mail list software](https://en.wikipedia.org/wiki/List%5Fof%5Fmailing%5Flistsoftware) rather than making changes to DKIM. ## Significance in the Modern Landscape In the contemporary **digital landscape**, where [cyber threats](https://www.spiceworks.com/it-security/vulnerability-management/articles/what-is-cyber-threat/) continue to evolve, DKIM remains a crucial component of the email authentication ecosystem. It plays a pivotal role in preventing email spoofing, phishing attacks, and the [manipulation of email content](https://theconversation.com/chatbots-can-be-used-to-create-manipulative-content-understanding-how-this-works-can-help-address-it-207187). DKIM works with other [email authentication protocols](https://dmarcreport.com/what-is-dmarc/), such as [SPF](https://dmarcreport.com/what-is-spf/) (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), to provide a \*\*multi-layered defense against malicious activities. _Collectively, these protocols contribute to the establishment of a secure and trustworthy email environment_. ## Sources - [RFC 7208 - Sender Policy Framework (SPF)](https://datatracker.ietf.org/doc/html/rfc7208) - [RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)](https://datatracker.ietf.org/doc/html/rfc7489) ## Topics [ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/) ![Adam Lundrigan](https://media.mailhop.org/dmarcreport/images/authors/adam-lundrigan.jpg) [ Adam Lundrigan ](/authors/adam-lundrigan/) CTO CTO of DuoCircle. Leads engineering for DMARC Report and DuoCircle's email security product portfolio. [LinkedIn Profile →](https://www.linkedin.com/in/adamlundrigan/) ## Take control of your DMARC reports Turn raw XML into actionable dashboards. Start free - no credit card required. [Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) ## Related Articles [ Intermediate 8m Decoding I-Tag DKIM Vulnerability and Its Impact on Email Deliverability and Security Jun 6, 2024 ](/blog/decoding-i-tag-dkim-vulnerability-and-its-impact-on-email-security/)[ Intermediate 4m Getting Rid of Common SPF Errors for Email Security and Delivery Dec 20, 2023 ](/blog/getting-rid-of-common-spf-errors-for-email-security-and-delivery/)[ Intermediate 5m What is a DKIM Replay Attack and How to Prevent it? Apr 10, 2024 ](/blog/what-is-a-dkim-replay-attack-and-how-to-prevent-it/)[ Intermediate 6m The Definitive Guide To Configuring SPF and DKIM for Salsa Labs Jan 12, 2026 ](/blog/how-to-configure-spf-and-dkim-in-salsa-labs/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"The Emergence of DKIM: A Cryptography-Based Email Authentication Protocol","description":"Navigating through the complexities of email security and the limitations of SPF.","url":"https://dmarcreport.com/blog/the-emergence-of-dkim-a-cryptography-based-email-authentication-protocol/","datePublished":"2023-11-29T10:37:30.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2023-11-29T10:37:30.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/adam-lundrigan/#person","name":"Adam Lundrigan","url":"https://dmarcreport.com/authors/adam-lundrigan/","jobTitle":"CTO","description":"Adam Lundrigan is the Chief Technology Officer of DuoCircle, where he leads engineering across DMARC Report, AutoSPF, and the company's email security portfolio. His technical focus includes DMARC report processing infrastructure, DNS monitoring systems, and the SPF evaluation logic that powers DuoCircle's authentication tools.","image":"https://media.mailhop.org/dmarcreport/images/authors/adam-lundrigan.jpg","knowsAbout":["DMARC Report Processing","DNS Architecture","Email Authentication","SaaS Engineering","DNS Monitoring","Infrastructure Automation"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/adamlundrigan/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/the-emergence-of-dkim-a-cryptography-based-email-authentication-protocol/"},"articleSection":"intermediate","keywords":"dkim, DMARC, email security, SPF","wordCount":805,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"The Emergence of DKIM: A Cryptography-Based Email Authentication Protocol","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://dmarcreport.com/intermediate/"},{"@type":"ListItem","position":4,"name":"The Emergence of DKIM: A Cryptography-Based Email Authentication Protocol","item":"https://dmarcreport.com/blog/the-emergence-of-dkim-a-cryptography-based-email-authentication-protocol/"}]} ```