Google announced Thursday on its enterprise blog that it had added DKIM (DomainKeys Identified Mail) support for all Google Apps domains. Although Gmail has supported receipt of DKIM email for some time, the ability for domain administrators to set up system-wide DKIM for outbound mail is new.
DKIM is primarily designed to enable more efficient spam filtering. As Google explained on its blog,
Email authentication is an important mechanism to verify senders’ identities, giving users a tool to recognize potential spam messages. In addition, many mail systems can display whether a received message is DKIM-verified, which helps spam filters verify and assess the overall reputation of the sender’s domain: messages from untrusted senders are treated more skeptically than those from good senders.
Essentially, while DKIM is not the be all to end all solution for spam or phishing attacks, the technology allows users to transparently verify whether a received email is identical to the email that a domain says it sent through the use of digital signatures. Wikipedia explains the technology well (and is actually the recommended source on the dkim.org website):
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email, thereby allowing an organization to take responsibility for a message in a way that can be validated by a recipient. Remarkably, responsibility can be claimed independently of the message's actual authors or recipients. The validation technique is based on public-key cryptograph
Thus, as a domain is associated with more and more trusted, authenticated, "good" emails, the less likely its emails are to be incorrectly placed in someone's spam folder. All Google Apps administrators can enable this feature as described in Google's help.
Google explained that it filters literally billions of spam messages a day for users, so clearly the use of DKIM and any other technologies to make email exchanges more robust and reliable is in their best interest (and ours). Before thinking this is the end of spam as we know it, it's worth reading another piece linked from the DKIM organization site. However, because Google has made it so easy to do and because it contributes to better spam filtering (and a decreased likelihood of a false positive spam flag for your organization, there is no reason not to enable DKIM support for your Google Apps domain.