DKIM helps to prevent your emails being spoofed from your domain by digitally signing all your emails.  This allows the email header, and sometimes the contents and attachments, from your domain to be checked to verify that that they haven't been changed in transit.  This process is based on a private key held by the mail server and a corresponding public key published as a DNS record.  When the email is sent, the mail server creates some hashes of the email, signs them with the private key, and attaches them to the email.  The recipient can look up the public key and use it to verify the signature and hashes, and therefore the email, are unchanged.

Hexiosec ASM will validate the DKIM DNS record (for example, format, key, strength etc.) but it does not currently verify that the public key is actively being used by a matching private key.  It isn't possible to check this without accessing a DKIM-signed email, which Hexiosec ASM does not have access to.

If you want to find out more about DKIM, SPF, and DMARC, we have blog on 

 which you may find helpful, and a more recent blog on 

Contacting Support

Does ASM validate the DKIM public key?

EPSS

What is the 'Update pending' notification?

Hexiosec ASM

Hexiosec ASM (Public)

Organisation and Group Roles

Using Groups

MFA and session expiry

Password Policy

Changing email address

Changing ownership

User and Group Management

Scan Types

Scan Allowances

Seeds and IPs

Scan Limiting

Deleting Scans

Scan Notifications

Managing Scans

Report Terminology

Scan Reports

Health Scores

Managing Actions

EPSS Scoring of Risks

TLS Certificate Risks

Backport Resolvable Risks

Risk Severity Ratings

SPF Hard Fail risks

Managing Risks

Managing Domains and IPs

Graph view

Managing CDNs and Shared IPs

Exporting Scan Results from the ASM API

Link Changes Endpoint

Creating a scan using the API

Paginating the API Requests

Using the Public API

Hexiosec ASM mobile

Upgrade Recommendations

Hexiosec ASM User Guides

Why isn’t app.fractalscan.com working anymore?

I've changed the device I use for MFA

I've accepted an invite, why can't I see anything?

I don't think this vulnerability applies to me?

I've fixed a risk, why has it not been resolved?

Why is my IP's geographic location not showing, or incorrect?

Will Hexiosec ASM find Malware?

What are primary and secondary assets?

What is a Stale domain?

Can I run scans without permission?

What happens when I delete a scan?

Will the latest CVE be found?

What version is Hexiosec ASM?

Which SSO protocols does ASM support?

FAQs

MSP Specific Guidance