Skip to main content

How to setup DKIM

Step-by-step guide to configure DKIM, ensuring email integrity and authenticity across popular email providers.

S
Written by Sanket Nihal
Updated over 8 months ago

How to Protect Your Emails with DKIM (Super Simple Guide)

DKIM, or DomainKeys Identified Mail, is like putting a digital signature on your emails. It ensures that your messages are genuine and haven’t been tampered with on their way to the recipient.

Here’s a super-simple guide to setting up DKIM for your email domain.


Why Should You Set Up DKIM?

  1. Stop Fake Emails: Prevent spammers from sending fake emails using your domain.

  2. Ensure Email Integrity: Make sure your emails stay unaltered during delivery.

  3. Better Email Delivery: Help your emails land in inboxes, not spam folders.


Step-by-Step: How to Set Up DKIM

Step 1: Log in to Your Domain Provider

Your domain provider is where you manage your website name (like GoDaddy, Namecheap, etc.). If you’re not sure, check the receipt email from when you bought your domain.

Here are login links for popular providers:

Step 2: Open DNS Settings

Once logged in:

  • Look for a section called DNS Management or Zone Editor. This is where you can add or edit DNS records for your domain.

Step 3: Get Your DKIM Key

Your email provider will give you the DKIM details you need. Look for it in your email provider’s settings. You’ll get:

  1. A selector (a unique label for the key, like default or google).

  2. A public key (a long piece of text you’ll copy into your DNS).

Step 4: Add a DKIM Record

Now, create a new TXT record in your DNS settings. Here’s what to do:

  • Name/Host: Enter <selector>._domainkey (replace <selector> with the name your email provider gave you, like default or google).

  • Value: Paste the public key provided by your email provider.

Step 5: Save the Record

After adding the record, click Save. It might take a few hours (or up to 24 hours) to start working.

Step 6: Enable DKIM in Your Email Provider

Go back to your email provider and turn on DKIM signing. This ensures your emails are signed with the key you just added.


Examples for Popular Email Providers

If you use one of these email providers, here’s what you’ll need:

Google Workspace (Gmail)

  1. Go to the Google Admin Console.

  2. Navigate to Apps > Google Workspace > Gmail > Authenticate Email.

  3. Generate a new DKIM key.

  4. Add the TXT record to your DNS:

    • Name/Host: google._domainkey

    • Value: (key provided by Google)

  5. Save the record and click Start Authentication in Google Admin.

Microsoft 365 (Outlook)

  1. Go to the Microsoft Admin Center.

  2. Navigate to Settings > Domains and select your domain.

  3. Enable DKIM and generate the DNS records.

  4. Add two CNAME records to your DNS:

    • Name/Host: selector1._domainkey

      • Points to: selector1-yourdomain-com._domainkey.yourdomain.onmicrosoft.com

    • Name/Host: selector2._domainkey

      • Points to: selector2-yourdomain-com._domainkey.yourdomain.onmicrosoft.com

  5. Save the records and click Enable DKIM in Microsoft 365.

Zoho Mail

  1. Go to the Zoho Admin Console.

  2. Navigate to Mail Administration > Email Authentication > DKIM.

  3. Select your domain and generate the DKIM key.

  4. Add a TXT record to your DNS:

    • Name/Host: <selector>._domainkey

    • Value: (key provided by Zoho)

  5. Save the record and verify DKIM in Zoho Mail.

SendGrid

  1. Go to the SendGrid dashboard.

  2. Navigate to Settings > Sender Authentication.

  3. Add a domain and generate DKIM records.

  4. Add three CNAME records to your DNS:

    • Name/Host: s1._domainkey.yourdomain.com

      • Points to: s1.domainkey.u.sendgrid.net

    • Name/Host: s2._domainkey.yourdomain.com

      • Points to: s2.domainkey.u.sendgrid.net

  5. Save the records and verify the setup in SendGrid.

Amazon SES (Simple Email Service)

  1. Go to the AWS Management Console.

  2. Navigate to Amazon SES > Domains and verify your domain.

  3. Add three CNAME records for DKIM:

    • Name/Host: selector1._domainkey

      • Points to: (value provided by Amazon SES)

    • Repeat for selector2 and selector3.

  4. Save and confirm the setup in Amazon SES.


Check If DKIM Is Working

Use a free tool to confirm everything is working:

Enter your domain and the selector (e.g., google or selector1). Look for a confirmation that your DKIM is valid.


Tips for a Smooth Setup

  1. Use a Strong Key: Your DKIM key should be at least 1024 bits. For better security, use 2048 bits.

  2. Rotate Keys Periodically: Regularly update your DKIM keys to enhance security.

  3. Combine with SPF and DMARC: DKIM works best when used alongside SPF and DMARC for complete email protection.


Congratulations! You’ve successfully set up DKIM to protect your email domain and ensure safe, trustworthy communication.

Did this answer your question?