DomainKeys Identified Mail (DKIM) is an email authentication method designed to help protect both email senders and recipients from fraudulent emails. It enables an organization to take responsibility for a message that is in transit. The primary goal of DKIM is to allow the recipient to confirm that the email was sent and authorized by the domain owner.
DKIM uses a pair of cryptographic keys, one private and one public, to verify the email's authenticity. The private key is used by the sending mail server to digitally sign the email, including the headers and body, typically in a way that is transparent to the sender and receiver. The corresponding public key is published in the organization’s DNS records. Email recipients can then use this public key to decode the signature and verify that the message was not altered after it was sent.
Implementing DKIM with SpamHero is easy. See:
How do I enable SPF and DKIM for emails sent from my domain?