It is always important to protect your domain from spoofing & phishing, and to help prevent messages from being marked as spam. We recommend you always setup a DKIM key for your domain. Follow the steps in this article to get your DomainKey Identified Mail (DKIM) key, add the key to your domain provider, and turn on DKIM authentication for your domain.
Prerequisites:
- You must be signed in a Super Administrator.
- Sign in to your Google Admin console. (Sign in using an administrator account)
- In the Admin Console, go to Menu > Apps > Google Workspace > Gmail.
- Click Authenticate email.
- In the Selected domain menu, select the domain you want to set up DKIM.
- Click the Generate New Record button.
- In the Generate New Record box, select your DKIM key settings:
Setting | Options |
DKIM key bit length | 1024 - If your domain host doesn't support 2048-bit key, select this option. 2048 - If your domain provider supports 2048-bit keys, select this option. Longer keys are more secure than shorter keys. If your domain provider supports both 1024-bit keys and 2048-bit keys, you can switch between the two. |
Prefix selector | The default selector for Google Workspace is google. It's recommended to use the default. If your domain already uses a DKIM key with the prefix google, enter a different prefix in the field. |
- At the bottom of the Generate New Record Box, click Generate. On the setting page, the text string beneath TXT record value changes to a new value and the following message is displayed: DKIM authentication settings updated.
- Copy the DKIM values shown in the Authenticate email window. You will be adding this record to your DNS.
Turning on DKIM signing
After you enter the TXT records Google provided in the steps above, we must turn on DKIM signing to finish the setup. Follow the steps below click on Start authentication.
- Sign into your Google Admin console.
- In the Admin console, go to Menu > Apps > Google Workspace > Gmail.
- Click Authenticate email.
- In the Selected domain menu, select the domain where you want to turn on DKIM.
- Click the Start authentication button. When DKIM is complete setup, the status at the top of the page changes to: Authenticated email with DKIM.
- You can then verify your message is passing DKIM by sending yourself a test message and analyzing the header of the message.