DKIM Explained

What is DKIM?

DomainKeys Identified Mail (DKIM) is a tool for domain owners to cryptographically sign their emails, proving to receiving mail servers that the email was indeed sent by an authorized sender.

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtmKI514qtdqioxRnnONfX6aeDtepubwJP+nwuvNjnw8JRrVXqxaBpiQxN0Ngqm3Tr4fPkEVMdySnQX5mTMo/hUTQXAKromYgf1N2SnYy8EpA6I32ADoPDRSRl6R/3oqB+NlET2dGwU7cBHABBLBp+N2j8TVYPbi9Vw2OogClpBFDU8I3hIXz5L2gKM3fuDl8kGLS1P8pVbCTgq11IwBWLd47KEEWI3dH8Cva5hZcBsmRGoB80pySex5tee7DYVA/QFAuHGXAcnhfenMkAZlrPdlxVaUcUveFJqnkAEL7Bv5bSGQu8WrVsfXg6ifR2Hdk4DOuXZcYZNoG1RIINeezwIDAQAB

Example of a DKIM record

When an email service provider (e.g. Google Workspace, Mailchimp, Salesforce) sends an email, it signs the message with a private key that corresponds to the public DKIM key. The receiving mail server can verify the DKIM signature using the public key in the DNS record, confirming that the email was sent by an authorized sender for that domain.
DKIM records are published as TXT records in your domain's DNS using a selector. Each email service provider uses its own selector. As an example, Google Workspace uses the selector "google", so emails signed by Google Workspace will use the DKIM key published at google._domainkey.yourdomain.com.
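The selector lookup described above, as an added example that is not code from the original page: it reads the selector (s=) and domain (d=) tags that the DKIM specification (RFC 6376) places in a message's DKIM-Signature header, builds the DNS name a receiver would query, and sanity-checks a TXT record in the format shown earlier. The function names and all sample values are constructed for illustration.

```python
import base64

def parse_tags(value):
    """Parse the 'tag=value; tag=value' syntax shared by the DKIM-Signature
    header and the DNS record; whitespace inside values is folding and dropped."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

def key_lookup_name(dkim_signature_header):
    """DNS name a receiver queries: <selector>._domainkey.<domain>."""
    tags = parse_tags(dkim_signature_header)
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_record(txt):
    """Return a list of problems found in a DKIM TXT record (empty = usable)."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("unsupported version")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append("unknown key type")
    p = tags.get("p")
    if p is None:
        problems.append("missing p= tag")
    elif p == "":
        # An empty p= is how a domain owner revokes a key.
        problems.append("key revoked (empty p=)")
    else:
        try:
            base64.b64decode(p, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return problems

# Constructed sample data (bh= and b= are placeholders, not real signatures).
SAMPLE_HEADER = ("v=1; a=rsa-sha256; d=yourdomain.com; s=google; "
                 "h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
SAMPLE_KEY = base64.b64encode(b"constructed key bytes").decode()

if __name__ == "__main__":
    print(key_lookup_name(SAMPLE_HEADER))
    for record in (f"v=DKIM1; k=rsa; p={SAMPLE_KEY}", "v=DKIM1; k=rsa; p=",
                   "v=DKIM1; k=rsa"):
        print(record[:30], "->", check_record(record) or "ok")
```

This checks only the record's syntax; verifying the signature itself also requires the message headers and body.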