Domain Keys Identified Mail (DKIM) is an authentication method that uses cryptography to add an encrypted digital signature to your organization's outgoing emails. In this method, your mail server uses a private key to encrypt the email data and receiving email servers retrieve the corresponding public key to decrypt it. This ensures that your email is genuinely sent from your domain and hasn’t been altered on its way to the recipient. It also raises your spam score, which increases the chances of your emails being delivered.
Refer to the sections below to verify and configure your DKIM settings.
Verify Your DKIM Configuration
Usually, your domain's DKIM configuration is set by your IT rep or domain/mail administrator, but you can also check yourself using a tool such as MX Toolbox.
In its most basic form, DKIM can be verified using two elements:
- Your organization's domain name (for example,
- A DKIM selector is the text added with the domain to create a unique DNS record used during DKIM.
- This allows different systems, date ranges, or third-party services to create different signatures.
If a DKIM selector sounds more like the bass player from an 80s indie rock band, don't fret. Your IT or domain administrator typically creates this.
Within MX Toolbox (or a similar tool), enter your domain name and the selector in the fields. Then, click DKIM Lookup.
The DKIM status appears on the next screen.
If MX Toolbox is unable to find a DKIM record, refer to the section below to enable DKIM for your domain.
Enable DKIM for Your Domain
If you've followed the steps above and found a DKIM record, there's no need to enable DKIM. If the tool did not find a record, your IT or domain administrator can work with the domain or email provider to enable and configure it for you—they should be familiar with the process.
Some popular providers are Google Workspace and Microsoft Office 365. If you use these providers, you can refer to these links to confirm the settings and enable DKIM.
- Google Workspace:
- Office 365:
If you're using Google Workspace for your domain, Google creates a DKIM key for you and puts it in your DNS records once your site is created. All you need to do is follow the steps in the "Turn on DKIM for Your Domain" article to configure your domain for DKIM.
If you're the domain administrator, be extremely careful when you configure your DKIM method. Incorrect configurations can lead to your mail becoming undeliverable!
Fix Other Possible SPAM Issues
DKIM configuration is only one way to confirm your emails get delivered. You should also set up SPF (Sender Policy Framework) records and DMARC (Domain-based Message Authentication, Reporting & Conformance) policies to further validate your organization's domain and prevent e-mail bounces.
Read the Avoid SPAM Filters article for more information about potential SPAM concerns and best practices.