DKIM

DKIM (DomainKeys Identified Mail) is an RFC 6376 standard that adds a DKIM-Signature header to outgoing email. The header is an RSA or Ed25519 signature over the message contents, signed with a private key whose public counterpart is published in DNS as a TXT record.

The receiving MTA fetches the public key from DNS, verifies the signature and confirms that (a) the email genuinely came from the claimed domain and (b) the message body wasn't modified in transit.

When you add a domain to Sendersy, we generate an RSA-2048 keypair once and keep the private half in Postal MariaDB. You publish the public half as a TXT record postal-XXXX._domainkey.yourdomain.com at your registrar — we hand you the exact value. From then on, DKIM signatures are added to every outgoing email automatically.

DKIM alone doesn't prevent spam but is a hard prerequisite for DMARC and for inbox placement at Gmail/Yahoo since 2024 (new sender requirements for ≥5 000 emails/day).