How DKIM works in plain English
When you send an email through a DKIM-signing server, the server adds a digital signature to the message header. That signature is generated using a private key that only your sending server has. The matching public key is published in your domain's DNS as a TXT record. When the recipient's mail server receives the message, it looks up the public key in DNS and verifies the signature. If the signature is valid, the recipient knows the message really came from your domain and was not tampered with.
Why DKIM matters
Without DKIM (and its companion standards SPF and DMARC), receiving mail servers cannot tell whether a message claiming to be from your domain actually is. The result is usually that your messages land in spam folders, or are rejected outright. DKIM is the single most important step you can take to keep transactional and marketing email deliverable.
What does a DKIM record look like?
A DKIM DNS record is a TXT record at a subdomain like selector1._domainkey.yourdomain.com. The value starts with v=DKIM1; and contains a long base-64 encoded public key. Most providers (including Senddio) generate the records for you and verify them automatically once you publish.
DKIM vs SPF vs DMARC
These three standards work together. SPF authorises which servers may send mail for your domain. DKIM signs the messages themselves. DMARC tells receiving servers what to do if a message fails either check. You need all three for serious sending; one alone is not enough.