DKIM is a technology that combines several anti-phishing and anti-spam methods to improve the quality of classifying and identifying legitimate emails. In simpler terms, DKIM is another email authentication method alongside SPF.
The working principle is based on two keys: a public key and a private key. The public key is placed in a DNS record in the txt field. The private key is located on the sender's server. For each email sent with a private key, the encrypted body of the email, service headers, sending time, and other parameters are added to the headers.
The email provider checks the sender's domain once it receives the signed email message. Using the public key, it decrypts the header and verifies the correspondence between the email and the information in the header.
A signature in mass email distributions is mandatory for most email providers. It identifies the sender, and ISPs consider them trustworthy. DKIM and an SPF record make phishing attacks much more challenging.
In most email marketing platforms, signature settings are enabled by default. In such cases, the emails are technically sent on the marketing service's behalf. For larger campaigns, it is recommended to conduct mailings on behalf of your own domain to build a reputation and reduce the risk of phishing attacks.
Major ESPs offer the option of configuring signatures for your domain. In some, it's a standard procedure when opening an account; in others, it's an extra option. In both cases, the platform provides a generated public key that needs to be placed in DNS records. Afterward, email signatures will be configured automatically.