CompTIA CySA+ Practice Test 2026 – The Comprehensive All-in-One Guide to Exam Success!

The correct answer is DKIM, or DomainKeys Identified Mail. This cryptographic authentication mechanism is specifically designed to verify the authenticity of the sender's domain in email communications. It uses public-key cryptography to sign an email header with a digital signature. When an email is received, the recipient's mail server can check the signature against the sender's public key, which is published in the DNS records of the domain. If the signature is valid, it confirms that the message was indeed sent by an authorized mail server for that domain and that its contents have not been altered in transit.

The other mechanisms mentioned serve different purposes. SPF (Sender Policy Framework) is focused on identifying which mail servers are authorized to send email for a specific domain, but it does not provide a way to verify the identity of the email sender itself through cryptographic means. SMTP (Simple Mail Transfer Protocol) is the standard protocol used for sending emails but does not include built-in mechanisms for authentication. DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on both SPF and DKIM by providing a policy framework for handling email that passes or fails authentication checks, but it does not independently verify the sender through cryptography. Thus, DKIM stands out as the specific