DKIM

What is DKIM?

DomainKeys Identified Mail

DomainKeys Identified Mail (DKIM) is a cryptographic signature added to outgoing email. The signing key's public half is published in DNS at `<selector>._domainkey.your-domain.com`. Receiving servers look up the public key, verify the signature, and know the message really came from a server authorized for your domain.

In more detail

DKIM is the cryptographic part of email authentication. SPF checks IPs, DKIM checks cryptographic signatures, DMARC sets the policy. DKIM is harder to spoof than SPF because it signs the actual message content — if any byte changes in transit, the signature fails.

Setup is provider-specific: your email service (Resend, Postmark, Google Workspace) gives you the exact TXT record to add. Each provider uses its own selector.

Why this matters

Why builders care

Gmail and Yahoo now require DKIM for bulk senders. Apps that send signups, password resets, or notifications need DKIM to avoid the spam folder. Every modern email service supports it out of the box.

Fix guides

Fix DKIM issues

Missing DKIM record

DKIM signs your outgoing email so receivers can verify it was not tampered with. Here is how to enable it through your email provider.

Read more

Missing SPF record

Without SPF, anyone can send email that looks like it came from your domain. Here is the one DNS record you need to stop that.

Read more

Missing DMARC record

DMARC tells receiving mail servers what to do with email that fails SPF or DKIM — quarantine, reject, or nothing. Here is how to set it up.

Read more

Free tools

Check it yourself

Email security checker

Can someone spoof email from your domain? Check in 10 seconds.

Read more

Related terms

Keep learning

Sender Policy Framework

SPF is a DNS record listing which IP addresses are allowed to send email from your domain. The first line of email authentication.

Read more

Domain-based Message Authentication, Reporting & Conformance

DMARC tells receiving mail servers what to do with email that fails SPF or DKIM checks. The single most important email security record.

Read more

See where your site stands

Paste a URL, get a score in 60 seconds. Free, no signup.