ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

DKIM

DomainKeys Identified Mail. RFC 6376 lets a sending domain sign its emails to prove authenticity.

Definition

DKIM (DomainKeys Identified Mail) is an IETF mechanism that adds a cryptographic signature to an email header so that any recipient can verify the message comes from the claimed domain and has not been altered in transit. The public key is published in a TXT DNS record under selector._domainkey.example.com.

Origin

DKIM emerged from the merger of DomainKeys (Yahoo, 2004) and Identified Internet Mail (Cisco, 2004), standardised in RFC 4871 (2007) and revised in RFC 6376 (2011). It is today a pillar of email authentication policies alongside SPF and DMARC. In the AS1 context, DKIM provides a complementary authentication layer on top of payload S/MIME.

Example in context

DKIM-Signature: v=1; a=rsa-sha256; d=ediverse.io; s=2026-q2;
  h=from:to:subject:date; bh=HASH; b=SIGNATURE

This header, added by the outbound MTA, certifies that ediverse.io signed the body and listed headers with the public key published at 2026-q2._domainkey.ediverse.io. Any receiving MTA can verify the signature by querying DNS, with no prior key-sharing.

  • AS1 — the EDI-over-SMTP protocol that can benefit from DKIM.
  • S/MIME — MIME signature, complementary to DKIM.
  • Non-repudiation — property reinforced by DKIM.

Last updated: May 14, 2026