
Creating and Implementing DKIM Records for Email Authentication

May 7, 2023

What is a DKIM record?

DKIM is a standard for email authentication that verifies emails by using a public and private key pair to create a signature header, acting like a watermark to prevent tampering. Each signature contains all necessary information for an email server to verify its authenticity.

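The originating email server holds the private key and uses it to sign outgoing mail. The receiving server retrieves the matching public key from the DKIM record in the domain’s DNS. The DKIM selector named in the signature tells the receiver which DNS record to look up, and the public key from that record is used to verify the signature.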

How do I create a DKIM record?

Step 1:  

Make a list of all authorised domains and sending services (ESPs), such as marketing campaign platforms or invoice generators, that are permitted to send emails on your behalf. Then get in touch with them and ask them to configure DKIM. Also request a copy of the public key.

Step 2: 

Generate the key pairs. Here are a few options:

  • If your organization uses its own email server, it may have built-in DKIM functionality. To find out, consult the available documentation on public/private key generation and policy record creation. Alternatively, reach out to the IT staff responsible for the server.
  • There are tools from third-party providers that can be used to generate the DKIM record. It is recommended to check your organization’s security policy before using any third-party tools.
  • DKIM keys can also be generated with openssl.

How do I add a DKIM record?

  1. To make your public key accessible, add it to your DNS record as a TXT record. Confirm with your DNS provider if the input field allows more than 255 characters. If not, you may need to work with them to create the TXT record or increase its size.
  2. Securely store the private key on your SMTP server or MTA (mail transfer agent).
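
The openssl option and the TXT record step above, as an added example that is not part of the original article: it generates an RSA key pair and prints the record to publish, split into quoted strings of at most 255 characters. The selector, domain, key file name and the 2048-bit key size are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Selector, domain and key file name are placeholders.

# Split a TXT value into quoted strings of at most 255 characters,
# the limit for a single string inside a DNS TXT record.
txt_chunks() {
    printf '%s\n' "$1" | fold -w 255 | sed 's/.*/"&"/' | paste -s -d ' ' -
}

# Reassemble the quoted strings the way a verifier concatenates them.
txt_join() {
    printf '%s\n' "$1" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Print a zone-file line: <selector>._domainkey.<domain>. IN TXT ( ... )
dkim_record() {  # args: selector domain base64-public-key
    printf '%s._domainkey.%s. IN TXT ( %s )\n' "$1" "$2" \
        "$(txt_chunks "v=DKIM1; k=rsa; p=$3")"
}

# Generate the key pair and print the record to publish.
# The body runs in a subshell so the umask change does not leak out.
make_dkim_key() (  # args: selector domain
    umask 077                      # private key readable by its owner only
    key="$1.private.pem"
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        exit 1
    fi
    openssl genrsa -out "$key" 2048 2>/dev/null || exit 1
    pub=$(openssl rsa -in "$key" -pubout -outform DER 2>/dev/null |
          openssl base64 -A) || exit 1
    [ -n "$pub" ] || exit 1        # empty key means extraction failed
    dkim_record "$1" "$2" "$pub"
)

# Usage: sh dkim-keygen.sh selector1 example.com
if [ "$#" -eq 2 ]; then
    make_dkim_key "$1" "$2"
fi
```

Only the printed TXT line is published in DNS; the `.private.pem` file stays on the signing server.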

How can I test my DKIM record?

Go back to our DNS checker tool to make sure you have added your DKIM correctly. 

