Cisco Blogs

DomainKeys Identified Mail (DKIM) Grows Significantly

June 15, 2009 - 40 Comments

DomainKeys Identified Mail (DKIM), an IETF standards-track signature-based mechanism for authenticating email messages, has seen significant growth in usage this year. DKIM is the result of combining Yahoo’s DomainKeys technology with Identified Internet Mail which was developed at Cisco. The following graphs tell much of the story:This counts the number of messages from domains other than that are not classified as spam and have valid DKIM signatures. During this time, the amount of non-spam email received by Cisco has remained relatively constant. Some of this growth comes from large domains such as Gmail and Yahoo!. But much of this comes from many small domains that are also signing their messages. That story is told by the other graph:This graph counts the number of domains in a given week we have received at least one DKIM-signed message from. This has grown steadily as additional domains deploy DKIM signing. The big explosion of domains in April 2009 is due to a large email sending provider that uses a separate domain for each of their customers that has recently deployed DKIM signing.The important part of the story is only indirectly told by these graphs, however. It is the use of DKIM signatures to improve trust in email, and not the presence of the signatures themselves, that really matters. This is indirectly shown because the justification to deploy DKIM signing for many domains is that it may improve the domain’s deliverability (decreases the likelihood that the domain’s mail will be classified as spam by the recipient). Google and Yahoo! have announced that messages with valid DKIM signatures, where the domain has established a good reputation with them, are less likely to be classified as spam. This has real value to many senders, and it’s the real value proposition for DKIM: It provides a basis for more accurate evaluation of incoming mail by recipients.I’m proud of the industry’s progress in improving the trust landscape for email, and of Cisco’s participation in that effort.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Commendable – for the first time I hear about this technology in the industry my spam is terrible. A good addition would be a filter to assess how much money is given for the domain – spammers never buy . Com”” to its real price and benefit from various discounts and promotions.”

  2. This is great news. DKIM is growing much in Romania also. DKIM is useful to prevent SPAM.

  3. Spamming is an issue which need to be improved much more .till now spam filtering technology is good but not enough .

  4. We really needed a new technology in order to secure emails and avoid spam.DKIM could definitely be this innovative tool. Let’s draw attention to its exponential developement.

  5. Hope this will work in stopping spam mail…

  6. I HATE spam !! I don’t understand how people think that sending thousands of emails of crap out actually will make them moeny. And what I also don’t understand is why people would write malicious software that automates this stuff. Any move in the industry to get rid of it is welcome any day!!

  7. This is unavoidable. As email marketing is the oldest and up to now also the best method to promote business. As everybody who use the internet, he or she must has an email account first. And check the mail box very frequently.

  8. As an owner of a fairly heavily trafficked website I’m constantly fighting spam bots and the like. I’m glad to see that Yahoo and Cisco are joining forces in the fight.

  9. General impression is good. However, I would agree to the cost effectiveness point touched upon by several respondents already. CISCO and Yahoo, I am sure, can afford to make such codes simple and not expensive, and to make it available in as many languages as possible. It will then lead to an expansion and popularity. Mean while the price and code complicatedness scares most of the clients off.

  10. Unfortunately, until we get a global ‘internet police force’ then we will all just have to accept spammers as an occupational hazard. with the amounts of money to be made sending spam emails its hardly surprising that organised criminal gangs are getting involved, after all its a lot less hazardous than running drugs for example.

  11. Many of the values in the DKIM TXT RR will depend on those defined for the mail signer software. While creating this documentation we used OpenDKIM as a reference source which supports sendmail and postfix through the milter interface. So i think that email spammers received email data from the business email scam companies.

  12. I would agree with most of the other comments, I really like how DKIM is reducing the amount of spam coming in. I remember not too long ago when my box would be filled with hundreds of junk messages.

  13. The only problem I’ve had with DKIM so far is that it’s significantly more difficult to implement than, say, just posting SPF records. Plus it only seems Yahoo is using it extensively right now.I’m wondering if anyone has any good resources that provide simple walkthroughs for DKIM…something a bit easier to follow than what’s found on

  14. General impression is good. However, I would agree to the cost effectiveness point touched upon by several respondents already. CISCO and Yahoo, I am sure, can afford to make such codes simple and not expensive, and to make it available in as many languages as possible. It will then lead to an expansion and popularity. Mean while the price and code complicatedness scares most of the clients off.Yuri

  15. I think domain keys are the central building block of taxing emails on the internet. Do you actually believe this will prevent spam? I can go buy a new domain name, hosting, email lists, create spf records and domain keys for my domain and be spamming within an hour. What a joke (just kidding). The only matter this is meant to do is to make a closed email system where in you can’t send emails to providers without being ‘authorized’. And this permission can be speedily revoked.But, I have a questions for you, How long do you think it will take until domain keys are made and distributed by some government alphabet agency?? Please give me your answer and please send to my email. Thanks a lot

  16. I still use SPF myself, largely due to the simplicity of it versus DKIM as the original commentor mentioned.

  17. Thanks for the article, Jim. I hope DKIM keeps growing. I still receive spam e-mails, but they do seem to be reducing in number. Thank you Cisco for helping make the internet a little safer.

  18. Well, at least DKIM is useful invention to prevent SPAM. I hope in the future DKIM can improve it and become more useful.

  19. This is really something quite revolutionary. I never heard about this domainkey identified mail anywhere. Though we all can have differing opinion, I must say I am amazed to see this post about domain key identified mail with genuine information. Surprised the site is not frozen with comments! LOL

  20. CISCO has shown leadership in developing this technology. The increase in its usage shows that it will pay major dividends in the near future and we will all benefit from DKIM and in how messages can be classified as SPAM.

  21. I think that spammers collect email data from the worldwide buying and selling business email scam companies. I’ve been involved with a company that manages the membership website which has thousands of active email data and then they sell abroad.or is there another way spammers send their junk emails to the mail box and even without being detected as spam?

  22. I wanted to ask, do Google uses this kind of data for Gmail when it says the message doesn’t come from the mail address mentioned?I don’t really feel unsafe about phishing, but such data really helps a lot those who are still learning about the Internet.

  23. The growth in DKIM use seems to be very good news, as it seems to be an effective way of preventing mass spam. Whether it will carry on being a good spam prevention measure in the future is questionable. Still, this is a very valuable advance to the internet at this time.

  24. DKIM seem serious improvement to their services in recent years… great.. i hope this a good news for us

  25. This article is verty interesting, its crazy how fast things are growing. wil lbe interesting to see what happens over the next few years

  26. Hi Jim Fenton,Thanks for taking this opportunity to talk about this, I feel strongly about it and I benefit from learning about this subject. If possible, as you gain data, please update this blog with new information. I have found it extremely useful.

  27. What is definitely scary for this is that we have also observed a dramatic increase in the number of dkim signed spam, especially with cheap domains available (.cn at around 2$ per month, to register almost anonymously)

  28. I discovered today DKIM and how it grows. I think that such tools have become essential to secure emails and restore or enhance trust in this area. Today, many servers and indirectly the mailboxes of users are overwhelmed by spam. All effective solutions are welcome.

  29. It is my understanding that DKIM is for use in mass mailing where individually encrypting the messages or attaching a relatively large digital signature would not be feasible. Thus, there are better options for personal use.

  30. Thats good to hear! Spamming is still a very big problem that needs solving, instead of just being hidden.

  31. DKIM is growing much in Germany

  32. Good to see you haven’t lost your enthusiasm.DKIM going well,As i heard messages with valid DKIM signatures, where the domain has established a good reputation with them, are less likely to be classified as spam.Thanks !

  33. DKIM growing very well. As the news was posted some time ago, But i found it very informative as it concludes all the relevant details and forecast aspects of the topic. Thanks sir keep it up.

  34. Make sure you have a Mail Transfer Agent (MTA) that’s capable of signing mail. If you don’t, get a new one. There are a lot of great open source MTAs and commercial MTAs that can do this. If you aren’t signing with DK today we strongly recommend that you do.

  35. Definitely a needed technology. I’ve had my email hacked twice in the past year, and people sending messages from my name. Especially with business accounts, this is a valuable product.

  36. Anything that helps decrease the amount of spam and allows legit email to be delivered is welcome.

  37. This is definitely good news. I’m hoping that spammers are crowded out by legitimate (and identified) senders.Unfortunately the creators of DKIM have created a serious obstacle to its adoption. The website does not provide any complete implementation examples; instead it only lists vendors of message generation/delivery products that support DKIM. Most of these products are very expensive. I’m disappointed that I will have to mothball my own message generation software and purchase a commercial product that will require plenty of time and testing for integration. What’s worse is that bootstrappers and young startups are practically relegated to the Spam box if they can not afford these commercial products.I’m positive that many developers wrote DKIM implementations as Proofs of Concept during the development of the DKIM standard. Yahoo and Cisco should level the playing field by making code samples available in as many languages as possible.

  38. DKIM growth is really staggering. I’m curious to see if this trend continues, or whether there will be a bump in the road.

  39. You might be interested to watch a recent screencast video that I did on the Sendmail Sentrion product. It has a lot of new features and a Web interface to make it easier to manage and create a very sophisticated collection of mail processing rules. You can see it here:

  40. Tim,Thanks for your comments. The site (which is independent of both Cisco and Yahoo!) has pointers to several open-source DKIM implementations that have gotten extensive use; they are listed at . These can be used (consistent with their license terms) as reference implementations or as-is. Some Linux distributions are beginning to offer packaged versions of this code as well.At one point we considered releasing our proof-of-concept code as open source, but since the existing open-source implementations are of good quality, we didn’t think that would benefit the community substantially.