What is DKIM?

DKIM (DomainKeys Identified Mail) is an email authentication method that allows the receiver to verify that an email was actually sent and authorized by the owner of the sending domain. It uses cryptographic signatures to ensure message integrity.

How This Tool Works

1. Enter your domain name and choose a selector (identifier for this DKIM key)
2. Select your preferred key size (2048 bits recommended for security)
3. Generate the DKIM DNS record structure
4. Follow the instructions to create your RSA key pair
5. Add the TXT record to your DNS
6. Configure your mail server to sign emails with the private key

DKIM Selectors Explained

A selector is a string that identifies a specific DKIM key for your domain. It allows you to have multiple DKIM keys active simultaneously. Common selectors include:

• default: Generic selector for standard use
• google: Used by Google Workspace/Gmail
• s1, s2: Sequential selectors for key rotation
• mail: Generic mail server selector

Key Size Considerations

• 1024 bits: Minimum security, faster signing, widely supported
• 2048 bits: Recommended balance of security and performance
• 4096 bits: Maximum security, slower signing, may exceed DNS limits

Example: Complete DKIM Setup

Best Practices

• Use 2048-bit keys for optimal security and compatibility
• Store private keys securely with restricted file permissions
• Rotate DKIM keys annually or when compromised
• Use multiple selectors for different mail streams or key rotation
• Test DKIM signatures after configuration using email testing tools
• Monitor DKIM authentication results in email headers

Related Tools

• DKIM Validator - Validate existing DKIM records
• SPF Record Generator - Create SPF records
• DMARC Checker - Verify DMARC policies
• Email Deliverability Tester - Test complete email setup
• DNS Record Viewer - View all DNS records