DKIM

Home Platform DKIM Record Generator

DKIM Record Generator

Use this tool to generate your DKIM record

How to generate a DKIM record?

DKIM adds an encrypted signature to the header of all outgoing messages. Email servers that get signed messages use DKIM public key to decrypt the message header and verify the message was not changed after it was sent. Generally, DKIM detects forged header fields and content in emails. As DKIM works with Private and Public keys, there are multiple use-cases for DKIM implementation:

  • If you are using Third-Party ESPs (Google, Microsoft365, Mailchimp, etc.) DKIM Public keys are obtained from their portals. ESPs won't share their Private Keys for privacy and security concerns.
  • For dedicated servers, EasyDMARC's DKIM Generator tool is particularly made to make the process easy and fast. You will securely store the Private key in your own server while implementing the Public key in your DNS.

How does DKIM work?

DKIM uses a pair of keys, one private and one public, to verify messages. A private domain key adds an encrypted signature header to all outgoing messages sent from your email domain. A matching public key is added to the Domain Name System (DNS) record for your email domain. Email servers that get messages from your domain use the public key to decrypt the message signature and verify the signed message sources.

How to use a DKIM Record Generator?

In order to create private and public keys pair using DKIM Record Generator, you need to specify your domain name, DKIM “selector” name, and the key length.

  • A selector can be any given name. Use a name to clearly identify the DKIM Signature in future.
  • Enter your domain name, this should match the visible “From” address domain.
  • Specify the Key length. We support 1024, 2048, and 4096-bit size keys.
  • Once DKIM Record is generated, store the Private Key in your mail server configurations (with .pem file), and implement the Public Key in your DNS Zone.

Do I need to generate a DKIM Record if I’m using a third-party ESP?

No. This is a common misconception. You only need to generate a DKIM Record only for your dedicated mail servers. For Third-Party ESPs such as Google Workspace, Microsoft, Mailchimp, etc. they already store the Private Key in their own mail server configurations and provide only Public Signatures for their users. The only action you need to take is to get the Public Signature from the given ESP portal and implement it in your DNS, and later turn on the “Activation” for DKIM within the ESP portal.

Want to simplify the implementation and monitoring?

Start Free Trial