What is DKIM?

DomainKeys Identified Mail is a way to authenticate and protect your domain. DKIM helps to safely deliver your messages to your prospects.

Weronika Wróblewska avatar
Written by Weronika Wróblewska
Updated over a week ago


1. What is DKIM?

DKIM uses a pair of keys, one private and one public, to verify messages. By encrypting private and public keys in the email header, your domain gets validated. In short, by setting DKIM on your DNS, you let your recipients know that your emails come from authorized servers. Learn more about DKIM by consulting your hosting's help page.

2. Why do you want to set it up?

  • Avoid spam issues,

  • you're being recognized as a valid sender,

  • your domain is authenticated, which means you protect its good reputation,

  • higher open rate,

  • lower bounce rate,

  • higher response and satisfaction rate.

Have a look at our Blog to learn more.

3. How do you set up DKIM?

The way you set up your DKIM record depends on your domain host.

General rules

To set DKIM on your server, first, you need to generate the public key. To do that, you need to log in to your email’s provider admin console. The next steps may differ depending on your email provider.

If you’re using Google Apps to send your emails, here’s a step-by-step instruction. Google Apps email users, you should know that on default the DKIM signatures are turned off, so you need to turn them on manually in your Google Admin console.

When you have the public key, you take the generated txt record and paste it in the right place into your DNS records. Here's the example:

Example of the DNS record under Domain Name settings

Finally, you need to turn on email signing to start sending emails including your signature encrypted with your private key. Here’s how to do it, if you’re using Google Apps to send your emails.

DKIM Key Rotation

The security community recommends regularly changing the encrypted tokens of your DKIM records to enhance the security of your authentication configuration. The typical schedule for rotation is at least once every 12 months.

4. Below, you'll find the guides to the most common email service providers (ESP):

  • Google DKIM

  • Microsoft DKIM

  • Zoho DKIM

  • Namecheap SPF&DKIM

  • GoDaddy doesn't support DKIM for every hosting. Check out their SPF info or contact their support

  • Amazon SES DKIM

Head over to our blog to learn more about What is DKIM & SPF? And How to Set It Up? »

5. FAQ

Q: What about DMARC? Do I need to set it up?

Although DMARC isn't obligatory and there is no need to have it, we advise you to give it a go. DMARC is an extra safety measure that helps to protect your brand reputation. All in all, you want your emails delivered directly to your prospects' inboxes, and DMARC is one more extra superpower worth arming your domain with. Read more »

Q: I'm not sure how to set up DKIM. What should I do?

Please consult your domain host and ask them for help. They know best what your DKIM is and how to add it swiftly to your DNS.

Did this answer your question?