An organization is evaluating their email authentication mechanisms to bolster security. They wish to ensure that emails are not only transmitted securely but also retain proof of sender identity and message integrity upon delivery. They are looking to implement a method that provides a cryptographic signature for emails, which can be validated using a public key in the DNS. The method should confirm that the message was not tampered with in transit. To accomplish this, which DNS record type should they configure to contain the public key for this cryptographic verification?
To support DKIM, a domain must have a specific DNS TXT record that holds the public key used by recipients to verify the cryptographic signature in the emails sent from that domain. The correct setting is a DNS TXT record that is configured with a specific tag that indicates it contains a DKIM public key. The use of a CNAME record for DKIM is incorrect because it is typically used for domain aliasing, not for storing cryptographic information. An MX record is used for directing email to mail servers and does not hold cryptographic keys. An AAAA record is used to map a domain name to an IPv6 address and is irrelevant to DKIM.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DKIM and how does it work?
Open an interactive chat with Bash
What is a DNS TXT record and what other uses does it have?