Fix my spam has over 8 yrs experience in enterprise level anti spam solutions tech / dkim / worldwide

DKIM (Domain Keys Identified Mail)

DomainKeys is a method of e-mail authentication in which outgoing mail contains an encrypted signature specific to the sending domain and on receipt the key is compared with the Public key. If the two values match, this cryptographically proves that the mail originated at the purported domain and has not been tampered with in transit.

The first version of DKIM synthesized and enhanced Yahoo!'s DomanKeys and Cisco's Identified Internet Mail specifications. It was the result of a year-long collaboration among numerous industry players, during 2005, to develop an open-standard e-mail authentication specification. Participants included Alt-N Technologies, AOL, Brandenburg InternetWorking, Cisco, EarthLink, IBM, Microsoft, PGP Corporation, Sendmail, StrongMail Systems, Tumbleweed, VeriSign and Yahoo!. The team produced the initial specification and several implementations. It then submitted the work to the IETF for further enhancement and formal standardization. The IETF has now approved the revised specification as a Proposed Standard and published it as RFC 4871.

What is the purpose of DKIM?

DKIM lets an organization take responsibility for a message. The organization taking responsibility is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery.

What does DKIM do?

The responsible organization adds a digital signature to the message, associating it with a domain name of that organization. Typically, signing will be done by an service agent within the authority of the message originator's Administrative Management Domain (ADMD). Signing might be performed by any of the functional components, in that environment, including: Mail User Agent (MUA), or Mail Submission Agent (MSA), Internet Boundary MTA. DKIM permits signing to be performed by authorized third-parties.

Who validates the signature?

After a message has been signed, any agent in the message transit path can choose to validate the signature. Typically, validation will be done by an agent in the ADMD of the message recipient. Again, this may be done by any functional component within that environment. Notably this means that the signature can be used by the recipient ADMD's filtering software, rather than requiring the recipient end-user to make an assessment.

What does a DKIM signature mean?

The owner of the domain name being used for a DKIM signature is declaring that they are accountable for the message. This means that their reputation is at stake.

Receivers who successfully validate a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behavior, although the DKIM specification itself does not prescribe any specific actions by the recipient.

Will using DKIM improve my deliverability and guarantee that my marketing mail goes directly to the recipients' inbox, bypassing any spam filters?

Whether this improves deliverability or bypasses filters is entirely at the discretion of the validating receivers. When a message has been signed using DKIM, a receiver uses their knowledge about the signer to determine the most appropriate treatment of the message. It is expected that messages from a signer who has a good reputation will be subject to less scrutiny by the receiver's filters.

DKIM is the result of a multi-company effort to enhance DomainKeys for broader adoption, better security, and more flexibility.