Which authentication method uses a private key for email verification?

The authentication method that uses a private key for email verification is Domain Keys Identified Mail (DKIM). DKIM works by allowing the sender of an email to associate a domain name with the message, through the use of cryptographic signatures. When an email is sent, the originating mail server generates a unique signature for the email using a private key that corresponds to a public key stored in the DNS records of the sender's domain.

When the recipient's mail server receives the email, it retrieves the public key from the DNS and uses it to verify the signature. If the signature matches, it indicates that the email was indeed sent by the domain owner and that the content has not been altered in transit. This process helps to enhance email security and reduce the chances of spoofing.

The other methods mentioned do not use a private key for verification in the same manner. Sender Policy Framework (SPF) verifies whether the sending server is authorized to send emails on behalf of the domain, but it does not utilize a cryptographic key. Brand Indicators for Message Identification (BIMI) works with authenticated emails to display brand logos but does not verify emails using a private key. Domain-based Message Authentication, Reporting and Conformance (DMARC) builds on DK