Home / Tools / DKIM Record Generator

DKIM Record Generator

Get an embed

Create a valid DKIM record to add it to your DNS configuration and complete the second step of email authentication.

  • 1024
  • 2048
  • 4096

Frequently
Asked Questions

Have more questions?
Ask via Live Chat or Contact Us

DKIM Tag Explanations

DKIM Record Checker will display the following tags.

TAGTAG DESCRIPTION
vThe version tag indicates the version of DKIM, and should always be set on 1.
p (required)The public key tag is a string of characters generated during DKIM setup. Leaving the value empty deems it invalid.
tThis tag lists the flags in a colon-separated sequence. There are two defined flags: y and s. Undefined flags must be ignored.
sThis tag lists record-applicable service types. If the appropriate service type misses, the receiving servers must ignore the tag. Same goes with the unrecognized service types.
hThis tag defines the acceptable hash algorithms. In its default state, it allows all. Unrecognized algorithms must be ignored. The sender is responsible for determining each entry in the list.
kThis is the key type tag with a default value of "rsa". It's crucial that both sending and receiving servers support this value.
nThis tag acts like an optional note field for administrators. We recommend that you use this field only if necessary.

How to create a DKIM Record?

You can generate a DKIM record for your email sending domain(s) quickly and easily with EasyDMARC’s DKIM Record Generator tool.

To create a DKIM record, follow these steps:

  • Enter your domain name, and EasyDMARC’s DKIM Record Generator tool will generate a private/public key pair.
  • The private key is used to sign outgoing emails, while the public key is what you’ll add to your DNS as a TXT record.
  • The tool will also provide the selector name.

Be sure to create DKIM records for all the sending domains authorized to send mail on your organization’s behalf. If you’re using a third-party email service provider (ESP) like MailChimp, Google, Microsoft365, etc., you must go to your ESP portal to obtain your DKIM key. ESPs store their private DKIM key on their servers and provide a public DKIM key to be stored in users’ DNS zones.

You can manually add your DKIM record by doing the following:

  • Use EasyDMARC’s DKIM key generator to create a private/public key pair.
  • Publish the DKIM Public key in the DNS by adding the TXT record with these details:
    • Name/Host: <selector>._domainkey.<yourdomain.com>
    • Replace <selector> with the value provided by your email provider (e.g., default) and <yourdomain.com> with your domain name.
    • Value: v=DKIM1; k=rsa; p=<PublicKey>
    • Replace <PublicKey> with the content of your public key.
    • TTL: Set to the default value.
  • Configure the email server by adding the private key to your mail server's configuration. Specify the selector and enable DKIM signing for outgoing messages.
  • Test your DKIM configuration with EasyDMARC’s DKIM Lookup tool.

The exact process of adding a DKIM record can vary depending on your email provider and domain host. Read our blogs on adding a DKIM record to Namecheap and Cloudflare.

You can use EasyDMARC’s DKIM Record Generator to generate DKIM keys for your own dedicated email servers. As DKIM works with private and public keys, there are multiple use cases for DKIM implementation:

  • If you’re using a third-party ESP (Google, Microsoft365, Mailchimp, etc.), public DKIM keys are obtained from their portals. ESPs won't share their private keys for privacy and security reasons.
  • For dedicated servers, EasyDMARC's DKIM Generator tool is specifically designed to make the process quick and easy. Once generated, you’ll need to securely store the private key in your own server while implementing the public key in your DNS.

No. This is a common misconception. You only need to generate a DKIM record for your own dedicated mail servers. Third-party ESPs, such as Google Workspace, Microsoft, and Mailchimp, already store a private DKIM key in their own mail server configurations and provide only public signatures for their users. You need to get the public signature or key from your given ESP portal, implement it in your DNS, and later turn on the “Activation” for DKIM within your ESP portal.

Join the 83,500+ companies and 175,000+ domains secured with us