What is DKIM and why is it used?

DKIM (DomainKeys Identified Mail) is a method that enables the receiving mail server to check whether an incoming e-mail really comes from the specified sender and has not been changed during transmission.

For this purpose, a digital signature is added to every outgoing email from TU Darmstadt at the DFN gateway, which is only valid for this email and the issuing domain. The signature and thus the authenticity and integrity of the email can be checked using the public key of this signature, which can be retrieved by the receiving mail server. This procedure works automatically between the mail transport systems, so there is no need for action on the part of the user.

The action is necessary because mail providers are increasingly categorising or rejecting emails as SPAM that do not have a valid DKIM signature. It helps to counter security threats such as email phishing and spoofing and to maintain the reputation and trustworthiness of the sending domain. DKIM is also a prerequisite for further security measures in email traffic.

Does the activation of DKIM also affect the subdomains *.tu-darmstadt.de?

The activation on 06.01.2025 only affects the central domain tu-darmstadt.de and therefore all sender addresses *@tu-darmstadt.de. However, the activation of DKIM for all subdomains is to be driven forward quickly at the beginning of 2025. There are still some special cases to be considered. IT admins of decentralised email servers will be informed separately.