Domain Keys Identified Mail (DKIM) records allow you to digitally sign emails from your domain. Recipients of your emails can then verify that the message really did come from your domain and has not been tampered with. DKIM, like SPF records, are another tool to help fight spam. SPF allows recipients to verify an email message came from an authorised mail server, DKIM allows recipients to verify the actual message.

DKIM works by using public and private encryption keys. The private key is used to create encrypted mail headers that are embedded in every email message you send and are unique to your domain. The public key is added to the DNS records for your domain which allows recipients to retrieve it and then use it to decrypt the header and verify the message.

A common request for DKIM records comes from customers using Google Apps with their domain. Google will supply the DKIM selector name and value for you. If you run your own mail server and would like to start signing your own emails, is a good place to start.

Here's how to create a DKIM DNS record for your domain name:

  1. Log in to your account.
  2. Click the Domains icon and click Manage on the domain you wish to amend.
  3. Click DNS Settings in the Current Domain menu on the left.
  4. Click the Add A TXT Record button.
  5. In the Name field enter a string that will distingush this key from any others, also known as a selector prefix, e.g. google._domainkey.
  6. In the Data field enter your public encryption key, e.g
    v=DKIM1; k=rsa;
  7. Click Add TXT Record and allow up to 24hrs for the changes to take effect.


Please take care when configuring your DKIM record as doing this incorrectly may result in your email from your domain being flagged as spam.

Here is a quick demonstration

Related guides

  • How to create an MX record
  • How to create an SPF record
  • How to create an SRV record
  • Need a hand? Search over a hundred step-by-step support guides