DKIM (DomainKeys Identified Mail) is a form of email authentication that works by digital signature.
It makes the identification of spoofed emails easier.
The sending mail server signs each email with a private key, while the receiving mail server uses the public key published in the domain's DNS records to verify the signature.
One domain can have several DKIM keys publicly listed in DNS; however, each matching private key is held on only one mail server.
Why Do We Need a DKIM Record?
While DKIM is not required, emails signed with DKIM appear more legitimate to recipients.
Such mail is less likely to end up in the Junk or Spam folder.
Just like SPF, DKIM is required for DMARC, which is a newer standard for reducing email spoofing.
DKIM also gives ISPs a way to track a domain's sending history and build a reputation on it.
This reputation is portable and will allow you to control your reputation as well as sending practices across multiple sources.
How Does DKIM Work?
DKIM also uses DNS TXT records, with a special format.
When a public/private key pair is created, the public key is added to your domain's DNS:
pm._domainkey.domain.com IN TXT "k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOCTHqIIQhGNISLchxDvv2X8NfkW7MEHGmtawoUgVUb8V1vXhGikCwYNqFR5swP6UCxCutX81B3+5SCDJ3rMYcu3tC/E9hd1phV+cjftSFLeJ+xe+3xwK+V18kM46kBPYvcZ/38USzMBa0XqDYw7LuMGmYf3gA/yJhaexYXa/PYwIDAQAB"
SPF and DKIM records differ in that you can maintain multiple DKIM records for many sending sources.
DKIM records are identified by a selector. By using a different key pair for each provider, you can easily renew or revoke DKIM records as required.
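The lookup and record format described above, as an added example (not code from the original page or from KDMARC): it builds the DNS name for a selector, parses the TXT record shown above, and reports a revoked (empty p=) or short RSA key. The function names are illustrative, and the key-size thresholds are taken from RFC 8301, not from the page.

```python
import base64

# Added example; function names are illustrative, not from any DKIM library.
# TXT record from the page, in zone-file form (the ';' is backslash-escaped).
PAGE_RECORD = r"k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOCTHqIIQhGNISLchxDvv2X8NfkW7MEHGmtawoUgVUb8V1vXhGikCwYNqFR5swP6UCxCutX81B3+5SCDJ3rMYcu3tC/E9hd1phV+cjftSFLeJ+xe+3xwK+V18kM46kBPYvcZ/38USzMBa0XqDYw7LuMGmYf3gA/yJhaexYXa/PYwIDAQAB"

def lookup_name(selector, domain):
    """DNS name a receiver queries for a signature's selector and domain."""
    return f"{selector}._domainkey.{domain}"

def parse_tags(txt):
    """Split a DKIM key record into a dict of tag -> value."""
    tags = {}
    for part in txt.replace("\\;", ";").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def _read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(p_value):
    """Modulus size in bits of a base64 SubjectPublicKeyInfo RSA key."""
    _, spki, _ = _read_tlv(base64.b64decode(p_value), 0)  # outer SEQUENCE
    _, _, pos = _read_tlv(spki, 0)          # AlgorithmIdentifier, skipped
    _, bits, _ = _read_tlv(spki, pos)       # BIT STRING wrapping the key
    _, rsa_key, _ = _read_tlv(bits[1:], 0)  # drop the unused-bits byte
    _, modulus, _ = _read_tlv(rsa_key, 0)   # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def audit(txt):
    """Return findings for one DKIM key record (empty list: nothing flagged)."""
    tags = parse_tags(txt)
    if tags.get("k", "rsa") != "rsa":       # k= defaults to rsa when absent
        return [f"key type {tags['k']} is not checked by this example"]
    if not tags.get("p"):
        return ["p= is empty or missing: key revoked or record incomplete"]
    bits = rsa_bits(tags["p"])
    if bits < 1024:
        return [f"RSA {bits}-bit key: verifiers must not accept it (RFC 8301)"]
    if bits < 2048:
        return [f"RSA {bits}-bit key: RFC 8301 recommends at least 2048 bits"]
    return []

if __name__ == "__main__":
    print(lookup_name("pm", "domain.com"), audit(PAGE_RECORD))
```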
How Does KDMARC Help?
KDMARC is a DMARC record generator and analyser tool that also helps verify whether a domain has a DKIM record set. If the record is not set, the tool lets you set one.