DKIM Record Generator
Create DKIM keys and DNS records for your domain. DKIM (DomainKeys Identified Mail) adds a digital signature to your emails, proving they haven't been modified and truly came from your domain.
Google Workspace DKIM Setup
In Google Admin Console, go to Apps → Gmail → Authenticate Email. Click 'Generate new record', choose 2048-bit key length, and copy the TXT record value. Add it to your DNS, then click 'Start authentication' in Google Admin.
google._domainkey.yourdomain.com
Add a TXT record with this name to your DNS provider.
What is a DKIM Record?
DKIM (DomainKeys Identified Mail) is an email authentication method that lets the receiving server verify that an email was authorized by the domain owner and wasn't altered during transit. It works by adding a digital signature to email headers, which receivers validate against a public key published in your DNS.
How to Use This Tool
Generate or Find Your Keys
For managed platforms (Google Workspace, Microsoft 365), follow the platform-specific instructions to get your DKIM keys. For custom setups, use the generator above to create an RSA key pair.
Publish the DNS Record
Add a TXT record in your DNS with the name 'selector._domainkey.yourdomain.com' and paste the public key value. The selector is usually provided by your email platform.
Enable DKIM Signing
Configure your email server or platform to sign outgoing emails with the private key. Most managed platforms handle this automatically once you publish the DNS record.
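Once the record is published, it is worth confirming that what DNS returns is well formed and carries the key size you intended. The following is an added example, not part of this tool or the original page: a Python check that rejoins the quoted 255-byte chunks DNS tools print for long TXT values, validates the tags, and reads the RSA key size. It assumes `p=` holds the SubjectPublicKeyInfo encoding that `openssl rsa -pubout` produces; the function names are chosen here, and `sample_record` builds a constructed record with a fake modulus as demo input.

```python
import base64, re

def _tlv(buf, i, tag):
    """Read one DER element with the expected tag; return (value, next index)."""
    if buf[i] != tag:
        raise ValueError(f"unexpected DER tag {buf[i]:#x}")
    n, i = buf[i + 1], i + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
    return buf[i:i + n], i + n

def rsa_bits(spki):  # modulus size in bits of a DER RSA SubjectPublicKeyInfo
    outer, _ = _tlv(spki, 0, 0x30)
    _, i = _tlv(outer, 0, 0x30)       # AlgorithmIdentifier, skipped
    bitstr, _ = _tlv(outer, i, 0x03)  # BIT STRING wrapping RSAPublicKey
    key, _ = _tlv(bitstr, 1, 0x30)    # index 1 skips the unused-bits byte
    n, _ = _tlv(key, 0, 0x02)         # INTEGER modulus
    return int.from_bytes(n, "big").bit_length()

def check_dkim_txt(txt, min_bits=2048):
    """Return (key_bits, problems) for a DKIM TXT value as DNS tools print it."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) or txt  # rejoin quoted chunks
    pairs = (p.split("=", 1) for p in joined.split(";") if "=" in p)
    tags = {k.strip(): "".join(v.split()) for k, v in pairs}
    problems = [] if tags.get("v", "DKIM1") == "DKIM1" else ["v= is not DKIM1"]
    if tags.get("k", "rsa") != "rsa":
        return None, problems + ["non-RSA key type, size check skipped"]
    if not tags.get("p"):
        return None, problems + ["p= is empty or missing"]
    try:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return None, problems + ["p= is not a base64 DER public key"]
    if bits < min_bits:
        problems.append(f"{bits}-bit key, below {min_bits}")
    return bits, problems

def _der(tag, body):
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed demo input: valid structure, fake modulus, split like real TXT data."""
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    p = base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + key))).decode()
    value = "v=DKIM1; k=rsa; p=" + p
    return " ".join(f'"{value[i:i + 255]}"' for i in range(0, len(value), 255))
```

Pass `check_dkim_txt` the TXT value your resolver returns for selector._domainkey.yourdomain.com; a 2048-bit record arrives as two quoted strings, which the function joins before parsing.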
Frequently Asked Questions
A DKIM record is a DNS TXT entry containing your public key. Email servers use it to verify the digital signature attached to emails sent from your domain, confirming the email is authentic and unmodified.
Use 2048-bit keys for the best security. While 1024-bit keys are still accepted, they're considered less secure. Most modern email platforms default to 2048-bit keys.
A selector is a name that identifies a specific DKIM key. It allows you to have multiple DKIM keys for different services. Common selectors include 'google', 's1', 'selector1', or 'default'.
Yes. SPF and DKIM serve different purposes. SPF verifies the sending server is authorized; DKIM verifies the email content hasn't been tampered with. Using both significantly improves deliverability and is required for DMARC.
In Google Admin Console, go to Apps → Gmail → Authenticate Email. Click 'Generate new record', choose your key length, then add the provided TXT record to your DNS. Finally, click 'Start authentication' in Google Admin.
Yes, unlike SPF, you can have multiple DKIM records for the same domain using different selectors. This is useful when multiple services send email on your behalf — each service gets its own selector and key pair.