Home Platform DKIM Record Generator

DKIM Record Generator

Get an embed

Create a valid DKIM record to add it to your DNS configuration and complete the second step of email authentication.

  • 1024
  • 2048
  • 4096

Ensure You’re Using a Valid DKIM Record

The validity of your DKIM record is important during your email authentication and DMARC compliance journey. DMARC is built on two pillars: SPF and DKIM. If one of them is missing and the other fails, your DMARC fails immediately, and all the protection you set up with all the records vanishes.

DKIM (DomainKeys Identified Mail) protects email senders and recipients from malicious or forged emails by placing a digital signature that can only be decrypted by a specific private key.

DKIM Record Checker

DKIM Tag Explanations

DKIM Record Checker will display the following tags.

TAGTAG DESCRIPTION
vThe version tag indicates the version of DKIM, and should always be set on 1.
p (required)The public key tag is a string of characters generated during DKIM setup. Leaving the value empty deems it invalid.
tThis tag lists the flags in a colon-separated sequence. There are two defined flags: y and s. Undefined flags must be ignored.
sThis tag lists record-applicable service types. If the appropriate service type misses, the receiving servers must ignore the tag. Same goes with the unrecognized service types.
hThis tag defines the acceptable hash algorithms. In its default state, it allows all. Unrecognized algorithms must be ignored. The sender is responsible for determining each entry in the list.
kThis is the key type tag with a default value of "rsa". It's crucial that both sending and receiving servers support this value.
nThis tag acts like an optional note field for administrators. We recommend that you use this field only if necessary.

Frequently Asked Questions

What Is DKIM?

DomainKeys Identified Mail or DKIM is an email authentication method that uses a pair of public-private DKIM keys to cryptographically ‘sign’ all outgoing emails. It protects email senders from phishing, spam, and spoofing by allowing recipient servers to verify the authenticity of the senders’ emails. Read more about DKIM specifications.

How Does DKIM Work?

DKIM uses a pair of cryptographic keys, one private and one public, to verify messages. A private DKIM key adds an encrypted signature header to all outgoing messages sent from your email domain. A matching public DKIM key is added to your email domain's Domain Name System (DNS) via a DKIM record. You must add a DKIM record to your DNS to set this up. Email recipient servers then retrieve the public key from your DKIM record to decrypt the message signature, validate the message’s origin, and verify that it wasn’t changed in transit. Generally, DKIM detects forged header fields and content in emails. Learn more about how DKIM record works here.

How Do I Generate a DKIM Record?

You can generate a DKIM record for your email sending domain(s) quickly and easily with EasyDMARC’s DKIM Record Generator tool. Be sure to create DKIM records for all the sending domains authorized to send mail on your organization’s behalf. If you’re using a third-party email service provider (ESP) like MailChimp, Google, Microsoft365, etc., you must go to your ESP portal and obtain your DKIM key. ESPs store their private DKIM key in their servers and provide a public DKIM key to be stored on users’ DNS zones.

How Do I Use EasyDMARC’s DKIM Record Generator?

It’s easy! Our DKIM generator platform allows you to create a DKIM record and DKIM keys in just a few clicks. In the fields provided, specify your domain name, DKIM “selector” name, and the key length:

  • Name the selector something you can identify easily in the future.
  • Enter your domain name; this should match the visible “From” address domain.
  • Specify the key length. We support 1024, 2048, and 4096-bit length keys.
  • Once the DKIM record is generated, store the private key in your mail server configurations (with .pem file), and implement the public key in your DNS Zone.

How Do I Generate a DKIM Key Pair?

You can use EasyDMARC’s DKIM Record Generator to generate DKIM keys for your own dedicated email servers. As DKIM works with private and public keys, there are multiple use cases for DKIM implementation:

  • If you’re using a third-party ESP (Google, Microsoft365, Mailchimp, etc.), public DKIM keys are obtained from their portals. ESPs won't share their private keys for privacy and security reasons.
  • For dedicated servers, EasyDMARC's DKIM Generator tool is specifically designed to make the process quick and easy. Once generated, you’ll need to securely store the private key in your own server while implementing the public key in your DNS.

Do I Need To Generate a DKIM Record if I’m Using a Third-Party ESP?

No. This is a common misconception. You only need to generate a DKIM record for your own dedicated mail servers. Third-party ESPs, such as Google Workspace, Microsoft, Mailchimp, etc., already store a private DKIM key in their own mail server configurations and provide only public signatures for their users. You need to get the public signature or key from your given ESP portal, implement it in your DNS, and later turn on the “Activation” for DKIM within your ESP portal.

Explore All EasyDMARC Tools To Improve Your Domain
Security and Email Deliverability

Lookup tools

DMARC lookup
SPF lookup
DKIM lookup
BIMI lookup
MTA-STS lookup
TLS-RPT lookup

Generator tools

DMARC generator
SPF generator
DKIM generator
BIMI generator
MTA-STS generator
TLS-RPT generator

Other tools

SPF Validator
BIMI Converter
All tools

Join the 83,000+ businesses growing safely with us

Make Your DMARC Journey Simple With EasyDMARC

GET STARTED
CONTACT US