stands for DomainKeys Identified Mail.
Like SPF it's not specifically an anti-spam measure, but
an attempt to prevent forgery.
While SPF uses a description of what sites are allowed to send mail
on your behalf, DKIM uses Public Key Cryptography.
Each participating site generates a public/private key pair.
The public key gets stored in the DNS records for the site.
Outgoing mail is signed with the private key.
When another site receives mail, it checks the signature.
If the check fails, the mail is marked or rejected.
is a nice implementation of DKIM including a sendmail milter.