DomainKeys Identified Mail - FAQ’s   (from dkim.org)

What is the purpose of DKIM?	DKIM lets an organisation take responsibility for a message. The organisation taking responsibility is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery.
What does DKIM do?	The responsible organization adds a digital signature to the message, associating it with a domain name of that organisation.  Typically, signing will be done by an service agent within the authority of the message originator's Administrative Management Domain (ADMD). Signing might be performed by any of the functional components, in that environment, including: Mail User Agent (MUA), or Mail Submission Agent (MSA), Internet Boundary MTA. DKIM permits signing to be performed by authorized third-parties.
Who validates the signature?	After a message has been signed, any agent in the message transit path can choose to validate the signature. Typically, validation will be done by an agent in the ADMD of the message recipient. Again, this may be done by any functional component within that environment. Notably this means that the signature can be used by the recipient ADMD's filtering software, rather than requiring the recipient end-user to make an assessment.
What does a DKIM signature mean?	The owner of the domain name being used for a DKIM signature is declaring that they are accountable for the message. This means that their reputation is at stake. Receivers who successfully validate a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behavior, although the DKIM specification itself does not prescribe any specific actions by the recipient.
NOTE:	An interesting example of signature use is to detect email that purports to be from a user of the receiving site. If that site signs all its email, then incoming mail that purports to be from one of the site's users, but is not signed, is not valid .
Will using DKIM improve my deliverability and guarantee that my marketing mail goes directly to the recipients' inbox, bypassing any spam filters?	Whether this improves deliverability or bypasses filters is entirely at the discretion of the validating receivers. When a message has been signed using DKIM, a receiver uses their knowledge about the signer to determine the most appropriate treatment of the message. It is expected that messages from a signer who has a good reputation will be subject to less scrutiny by the receiver's filters.
What does DKIM not do?	Examples include: DKIM does not offer any assertions about the behaviours of the identity doing the signing. DKIM does not prescribe any specific actions for receivers to take upon successful (or unsuccessful) signature validation. DKIM does not provide protection after message delivery. DKIM does not protect against re-sending (replay of) a message that already has a valid signature; therefore a transit intermediary or a recipient can re-post the message in such a way that the signature would remain valid, although the new recipient(s) would not have been specified by the originator.
S/MIME and OpenPGP also do email digital signing. Why not simply use one of them?	Unlike other mechanisms, DKIM satisfies the short-term needs of email transit authentication. This makes it less costly to use. It also can be entirely invisible to end-users whose software does not support DKIM, whereas S/MIME and OpenPGP are quite intrusive.
DKIM is claimed to be an upgrade of Yahoo's DomainKeys.What is different and why should I upgrade?	DKIM is the result of a multi-company effort to enhance DomainKeys for broader adoption, better security, and more flexibility.
NOTE:	DKIM is upward compatible with existing DomainKeys DNS records, so that a DKIM module does not automatically require additional DNS administration!

For further information on the full range TFS products, contact CMS Software direct. You'll find our contact details here.