To put it in a nutshell, DomainKeys Identified Mail (DKIM) enables a receiving email server to authenticate the sender of an email. The sending email server digitally signs each sent email. These signatures are cryptographically created with a so-called private key. These digital signatures are placed in the email header, which the end user normally doesn’t see. The receiving email server can, however, validate these signatures via the corresponding public key which needs to be placed in the Domain Name System (DNS), so the receiving email server can fetch it from there.