What Is DKIM?
DKIM (DomainKeys Identified Mail) is an email authentication protocol that adds a cryptographic signature to outgoing messages. The receiving mail server verifies this signature against a public key published in the sender’s DNS records, confirming the email was sent by an authorized server and was not altered in transit.
Without DKIM, receiving mail servers have no way to verify that an email claiming to be from your domain was actually sent by you. This makes your domain vulnerable to spoofing and reduces inbox placement rates.
How DKIM Works
- Your email service generates a public/private key pair for your domain
- The private key is stored on the sending server
- Each outgoing email is signed with the private key
- The public key is published as a DNS TXT record
- The receiving server fetches the public key from DNS and verifies the signature
- If the signature matches, DKIM passes — the email is authentic and unmodified
How to Set Up DKIM for Your Domain
- Generate a DKIM key pair (public key and private key) through your email service provider
- Copy the DKIM public key from your provider’s dashboard
- Add a TXT record in your DNS settings at selector._domainkey.yourdomain.com
- Set the TXT record value to v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY
- Wait for DNS propagation (typically 5–30 minutes, up to 48 hours)
- Trigger a verification check from your email provider’s dashboard
- Send a test email and confirm the DKIM signature passes authentication
RelayPost generates the DKIM key pair automatically when you add a domain. The private key is stored securely and never exposed.
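The record value from the setup steps above can be checked offline before it is published. The following is an added example, not RelayPost's code or part of the original page: it parses the tag list and reads the RSA key size out of the p= value. The function names and the sample record (a dummy modulus, not a real key) are constructed for illustration, and the size thresholds follow RFC 8301.

```python
import base64

def parse_tags(txt):
    """Split a DKIM tag=value list into a dict, dropping folding whitespace."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def der_read(buf, pos, tag):
    """Read the DER element with this tag at pos; return (content_start, content_end)."""
    if buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return pos, pos + length

def rsa_modulus_bits(spki):
    """Walk SubjectPublicKeyInfo down to the RSA modulus and return its bit size."""
    start, _ = der_read(spki, 0, 0x30)                  # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = der_read(spki, start, 0x30)            # AlgorithmIdentifier SEQUENCE
    bit_start, _ = der_read(spki, alg_end, 0x03)        # BIT STRING holding the key
    key_start, _ = der_read(spki, bit_start + 1, 0x30)  # skip the unused-bits byte
    n_start, n_end = der_read(spki, key_start, 0x02)    # INTEGER modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def check_dkim_record(txt):
    """Return a list of problems found in a DKIM key record's TXT value."""
    tags, problems = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        return problems + ["non-RSA key type, size not checked"]
    if not tags.get("p"):
        return problems + ["p= missing or empty (an empty p= marks a revoked key)"]
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):  # binascii.Error is a ValueError subclass
        return problems + ["p= is not a base64-encoded RSA public key"]
    if bits < 1024:    # RFC 8301: verifiers must not accept RSA keys under 1024 bits
        problems.append(f"{bits}-bit RSA key will be rejected by verifiers")
    elif bits < 2048:  # RFC 8301: signers should use at least 2048 bits
        problems.append(f"{bits}-bit RSA key is below the recommended 2048 bits")
    return problems

# Constructed sample: real SPKI framing around a dummy 1024-bit modulus, not a usable key.
SAMPLE_SPKI = bytes.fromhex("30819f300d06092a864886f70d010101050003818d0030818902818100"
                            "80" + "00" * 126 + "01" + "0203010001")
SAMPLE_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(SAMPLE_SPKI).decode()
print(check_dkim_record(SAMPLE_RECORD))
```

If your DNS host splits a long key across several quoted TXT strings, join them into one string before passing the value in.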
Frequently Asked Questions
What happens if DKIM fails?
When DKIM fails, the receiving mail server cannot verify the email’s authenticity. Depending on the domain’s DMARC policy, the email may be delivered to spam, quarantined, or rejected entirely. DKIM failures are often caused by incorrect DNS records, key mismatches, or message modification in transit.
Is DKIM required for email?
DKIM is not technically required to send email, but it is strongly recommended. Major inbox providers like Gmail and Yahoo require DKIM authentication for bulk senders as of February 2024. Without DKIM, your emails are significantly more likely to be filtered to spam.
How do I check if DKIM is working?
Send a test email to a Gmail address and click “Show original” in the message options. Look for dkim=pass in the authentication results header. You can also use online DKIM checker tools that query your DNS TXT record and validate the key format.
What is a DKIM selector?
A DKIM selector is a prefix in the DNS record name that identifies which DKIM key to use. The full record name is selector._domainkey.yourdomain.com. Selectors allow you to have multiple DKIM keys for the same domain — for example, one per email service provider.