DKIM Introduction

DKIM is an email authentication method that enables the receiver to check if the email was indeed sent and authorized by the owner of that domain. This involves adding a digital signature linked to a domain name to each outgoing email message. This guide will use generic instructions and may differ depending on your specific email service provider or DNS service. Always refer to your specific service’s instructions for the most accurate guide.

Step 1: Generate a DKIM Key

Before we start configuring DKIM, we need to generate a DKIM key. This is a public/private key pair: the private key signs outgoing messages, and the public key is published in DNS so receivers can verify the signature. Some email service providers or platforms provide built-in tools for this.

Here’s how to do it in the command line (if your platform doesn’t provide a tool):

bash command

opendkim-genkey -t -s mail -d example.com

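This command will generate two files: mail.private and mail.txt. The first one is your private key, which stays on the mail server. The second one holds your public key, formatted as a DNS TXT record. The -t option marks the key as being in test mode (t=y in the record), so omit it when you generate the key you use in production.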

Step 2: Create a DKIM Record in your DNS

Next, you need to add a new TXT record in your DNS settings. This will involve going to your DNS provider’s settings page.

The TXT record you’ll be adding will have a name and a value. The name typically follows this format:

txt record

mail._domainkey.yourdomain.com

Replace “yourdomain.com” with your actual domain.

The value is a bit more complex. It will look something like this:

txt record

v=DKIM1; k=rsa; p=public-key-string

Replace “public-key-string” with the public key you generated in step 1 (found in mail.txt).

Step 3: Install and Configure a DKIM-Signing Mail Server

Depending on your mail server, the method for this step will vary. If you’re using a service like Gmail or Office 365, this step will be handled for you. However, for a server like Postfix, you’d need to use a service like OpenDKIM.

For example, if you’re using Postfix and OpenDKIM, you’d need to:

  • Install OpenDKIM (using apt-get or a similar package manager)
  • Configure OpenDKIM by editing the opendkim.conf file and specifying the Selector, Domain, and KeyFile (private key path)
  • Connect OpenDKIM and Postfix by editing the main.cf and master.cf files in Postfix configuration

Step 4: Test Your DKIM Configuration

The final step is to test whether DKIM is working correctly. This can be done by sending a test email to an external address (not within your domain), and then examining the email headers.

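You should see a section in the headers for DKIM-Signature. If not, then there’s something wrong with the way DKIM is set up. The header only shows that the message was signed; to confirm that the signature verifies, look for dkim=pass in the Authentication-Results header added by the receiving server. There are also several online tools you can use to test DKIM, like MXToolbox or dkimvalidator.com.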
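
A local cross-check of Steps 1, 2 and 4, added here as an example and not part of the original guide: it extracts the TXT value to publish from a mail.txt-style zone entry, derives the DNS name a receiver will query from a DKIM-Signature header, and flags common record mistakes. The sample data is constructed and the function names are hypothetical.

```python
import base64
import binascii
import re

# Constructed samples: MAIL_TXT is modelled on the zone-file layout of mail.txt
# (Step 1), HEADER on a DKIM-Signature header from a test message (Step 4).
# The p=, bh= and b= values are placeholders, not real key or signature data.
MAIL_TXT = '''mail._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; t=y; "
\t  "p=Y29uc3RydWN0ZWQ=" )  ; ----- DKIM key mail for example.com'''
HEADER = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\r\n"
          "\ts=mail; h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER")

def parse_tags(value):
    """Split a DKIM 'tag=value; tag=value' list into a dict, dropping whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def record_from_zone_entry(text):
    """Join the quoted strings of a zone-file TXT entry into the value to publish."""
    return "".join(re.findall(r'"([^"]*)"', text))

def query_name(header_line):
    """DNS name a receiver looks up for this signature: <s>._domainkey.<d>."""
    tags = parse_tags(header_line.split(":", 1)[1])
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_record(record):
    """Return a list of problems found in a DKIM key record value."""
    tags, problems = parse_tags(record), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    p = tags.get("p", "")
    try:
        base64.b64decode(p, validate=True)
    except binascii.Error:
        problems.append("p= is not valid base64 (placeholder or copy error?)")
    if not p:
        problems.append("p= is empty or missing, so no usable key is published")
    if "y" in tags.get("t", "").split(":"):
        problems.append("t=y flags the domain as still testing DKIM")
    return problems

if __name__ == "__main__":
    record = record_from_zone_entry(MAIL_TXT)
    print("name: ", query_name(HEADER), "\nvalue:", record)
    print("problems:", check_record(record))
```

The name printed from the header should match the TXT record name created in Step 2; if it does not, the Selector or Domain configured in Step 3 differs from what was published.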

Remember, this guide is a general overview, and the specific steps may vary depending on your specific email server or DNS service. When in doubt, refer to your service’s official documentation.

If you’re configuring this for a business, it’s recommended to have a knowledgeable IT team handle this process, as improperly configured DKIM can lead to issues with email deliverability.
