Set Up Domain Keys Identified Mail (DKIM) to Authenticate Your Email

Article author
Jayson Verdibello


Domain Keys Identified Mail (DKIM) is an authentication method that uses cryptography to add an encrypted digital signature to your organization's outgoing emails. In this method, your mail server uses a private key to encrypt the email data and receiving email servers retrieve the corresponding public key to decrypt it. This ensures that your email is genuinely sent from your domain and hasn’t been altered on its way to the recipient. It also raises your spam score, which increases the chances of your emails being delivered.

Refer to the sections below to verify and configure your DKIM settings.

Back to Top

Verify Your DKIM Configuration

Usually, your domain's DKIM configuration is set by your IT rep or domain/mail administrator, but you can also check yourself using a tool such as MX Toolbox.

In its most basic form, DKIM can be verified using two elements:

  • Your organization's domain name (for example,
  • A DKIM selector is the text added with the domain to create a unique DNS record used during DKIM.
    • This allows different systems, date ranges, or third-party services to create different signatures.
DKIM Selector? Wasn't she in Sonic Youth?

If a DKIM selector sounds more like the bass player from an 80s indie rock band, don't fret. Your IT or domain administrator typically creates this.


Within MX Toolbox (or a similar tool), enter your domain name and the selector in the fields. Then, click DKIM Lookup.

DKIM Lookup

The DKIM status appears on the next screen.

DKIM Results

If MX Toolbox is unable to find a DKIM record, refer to the section below to enable DKIM for your domain.

Back to Top

Enable DKIM for Your Domain

If you've followed the steps above and found a DKIM record, there's no need to enable DKIM. If the tool did not find a record, your IT or domain administrator can work with the domain or email provider to enable and configure it for you—they should be familiar with the process.

Some popular providers are Google Workspace and Microsoft Office 365. If you use these providers, you can refer to these links to confirm the settings and enable DKIM.

Google, DKIM, and You

If you're using Google Workspace for your domain, Google creates a DKIM key for you and puts it in your DNS records once your site is created. All you need to do is follow the steps in the "Turn on DKIM for Your Domain" article to configure your domain for DKIM.


Return to Sender

If you're the domain administrator, be extremely careful when you configure your DKIM method. Incorrect configurations can lead to your mail becoming undeliverable!


Back to Top

Fix Other Possible SPAM Issues

DKIM configuration is only one way to confirm your emails get delivered. You should also set up SPF (Sender Policy Framework) records and DMARC (Domain-based Message Authentication, Reporting & Conformance) policies to further validate your organization's domain and prevent e-mail bounces.

Read the Avoid SPAM Filters article for more information about potential SPAM concerns and best practices.

Back to Top