DKIM Core

What is DKIM Core?

DKIM Core is a way to attach a token (or tokens) to an email that tells the recipient who is responsible for the email (typically the token would represent the author of the email, the operator of the email service, or the owner of a mailing list, but it might also represent others, such as email reputation or certification services).

Who is it for?

It is for anyone who sends email and owns their own domain name. It is likely to be most useful for senders of bulk email (whether they send the mail themselves or have the mail sent on their behalf by a third party email service provider), but is also useful for enterprises, consumer ISPs and anyone else who sends email.

DKIM Core is not intended for use by those who receive email. Receivers wishing to support DKIM Core on inbound email should implement DKIM, as described in RFC 6376.

What is it useful for?

It allows an email sender to keep using the same token even if they change their “From” address, the IP address of their mailserver or the email service provider they use to send their email. That way anyone receiving the email can tell that the email is coming from the same organization as previous emails they've received.

Spam filters can then use that token to recognize that a piece of email is not spam, and should be delivered to the recipients inbox. That may be done automatically, based on email with that token having a history of being wanted by recipients. Or it may be done manually, via a whitelist agreement between the sender and the recipients ISP - in which case it may also provide other benefits, such as displaying images in email automatically.

It can also be used as a basis for feedback loops where a consumer ISP sends information about a recipients response to emails to the sender, allowing the sender to stop sending email to recipients who no longer want to receive it.

Taken together, this will allow email senders to take action to maintain good delivery rates, and provide a better experience for recipients.

How is DKIM Core different to DKIM?

The DKIM Core specification is a simplified subset of DKIM.

Any email that attaches a DKIM Core token is also validly DKIM signed. This means that receivers and spam filters don’t need to do anything differently to support DKIM Core - if they support DKIM, they already support DKIM Core.

DKIM Core is a less complex system than DKIM for senders to understand and deploy, yet provides all the same delivery advantages as DKIM.

How is DKIM Core simpler than DKIM?

DKIM Core eliminates some complex, unneeded features from DKIM. It also removes some choices, so rather than enumerating and explaining multiple ways to do something and leaving the choice of which to use up to the implementor DKIM Core chooses a sensible default and describes only that option.

By doing this DKIM Core can help senders avoid some operational and scaling issues that aren't immediately apparent from the standard DKIM documentation.

What do I need to do to use DKIM Core?

You need to decide what domain name to use as the token to attach to your email. This need not be the same as the domain name you use in the From address in your email, but does need to be a domain name you control and can create DNS entries for. Typically, if you own a single domain you would use that. If you own multiple domain names then you would use your “main” domain name, even if you use different domain names in the From address of the email you send.

Then see the deployment suggestions for advice on how to set up DKIM Core for your situation.

What do I need to know to write software to support DKIM Core?

See the DKIM Core specification. That should include all the information you need to develop software to create and attach DKIM Core tokens (and if it doesn't, contact us) but you may find some additional context in the full DKIM document set.