How to setup and verify DKIM records?

Domain Key Identificated Mail (DKIM) is a mechanism for email authentication. It uses an encrypted signature to verify that the email sender is the one who they say they are and gives a key to the sender’s recipient to check back with the sender DNS record.

Steps to set up DKIM :

You can generate your Domain key after 24 hours of the activation of your Gmail account. You have to be the ' super administrator' to generate the domain key.
Here are the steps that need to be followed to generate Domain key for email authentication:

  • Go to the admin page of the Email Service provider that you use and Open the tab Authenticate Email. For the Gsuite users – Open the Admin console Home Page> Gsuite> Gmail> Authenticate Email.
set up DKIM
  • Now you need to select the Domain that you want to generate the domain key for. Your primary domain will appear by default. In other cases, you need to select the domain from the down arrow under Domain.
  • Select on Generate New Record.
Generate new record
1024-bit keys
  • Select the DKIM key bit length according to your DNS provider.
  • Select Generate.
  • The text box displays the information that is used to update the DNS record. The public domain key is retrieved by the Email servers which are then used to validate the incoming messages.
  • Once you have generated the domain key, you need to add it to your DNS.

Steps to add Domain key to your DNS:

  • You need to sign in to the management console of your Domain Provider and open the page to manage the domains and update the DNS records.
  • Create the TXT record using the variables of name and values.
set up the SPF in your Domain Server
  • To see the name and value you need to create the TXT record, in the Admin console go to Apps > G Suite > Gmail > Authenticate.
  • Update the DNS record by adding the following:

In the first field, you need to enter the text under the DNS Hostname (TXT record name). Enter the TXT value in the second field.

add Domain key to your DNS
  • Save your changes.

This will add the Domain key to your DNS.

After you have generated the Domain key and you have updated it to your Domain, the next step follows is to DKIM signing. Gmail will use its default DKIM signing if you don’t Sign in your own DKIM signature. Follow the below steps to update the signature for DKIM.

Always consider updating your Domain DNS record before turning on signing the DKIM signature. 

  • Now go to Apps> G Suite> Gmail from the Admin Console Manager.
set up DKIM
  • Select Authenticate Emails.
  • Select your domain where you want to sign in.
  • Click Start Authentication.
Start Authentication

To confirm that DKIM signing is turned on, send an email message to someone who is using Gmail or G Suite. You can’t do this test by sending yourself a text message.
Open the message in the recipient’s inbox to be sure.
To Reply, click and you will get the original message.

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google;
This will be the Domain key in your header. If you find this in the recipient’s message, assure yourself that the domain key has been updated to your DNS.

The above were the steps to set up the Domain key in your DNS. Consider following all the steps for hassle-free email deliverability.

If you need live assistance in setting up the DKIM, please schedule a call with our email deliverability expert.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us