SendScale LogoSendScale

Free DKIM Record Generator

Generate DKIM keys for your domain in seconds. Protect your emails from spoofing and improve deliverability with proper authentication.

DKIM Generator

The domain you send email from (e.g., yourcompany.com)

A name to identify this key (e.g., "default", "mailgun", "sendgrid"). Use lowercase letters, numbers, and hyphens only.

2048-bit is more secure. Only use 1024-bit if your DNS provider cannot handle longer records.

Already have DKIM set up? Check your email authentication

What is DKIM?

DKIM (DomainKeys Identified Mail) is an email authentication protocol that lets you digitally sign your outgoing emails. When you send an email, your mail server adds an encrypted signature to the message header. The receiving server then looks up your public key in DNS and uses it to verify the signature.

If the signature is valid, the recipient knows the email genuinely came from your domain and was not tampered with during delivery. This builds trust with email providers and helps your messages reach the inbox instead of the spam folder.

How DKIM protects your domain

Prevents spoofing

Without DKIM, anyone can send emails that appear to come from your domain. Phishers exploit this to trick your customers. DKIM makes spoofed emails fail authentication, protecting your brand reputation.

Improves deliverability

Gmail, Microsoft, Yahoo, and other major providers check DKIM signatures when deciding where to deliver your email. Valid DKIM is a positive trust signal that helps your emails land in the inbox.

Enables DMARC

DMARC (Domain-based Message Authentication) relies on DKIM and SPF. Without DKIM in place, you cannot fully implement DMARC, which is now required by Google and Yahoo for bulk senders.

Survives forwarding

Unlike SPF, DKIM signatures survive email forwarding because the signature is attached to the message itself, not tied to the sending server's IP address.

How to set up DKIM for your domain

  1. Generate your DKIM keys using the tool above. Enter your domain and choose a selector name.
  2. Copy the DNS record that the tool generates. It includes the record name and value you need.
  3. Add the TXT record to your domain's DNS settings. Log into your DNS provider (like Cloudflare, GoDaddy, or Namecheap) and create a new TXT record.
  4. Configure your email server to sign outgoing emails with the private key. The exact steps depend on your email provider.
  5. Verify the setup using our Email Domain Checker to confirm the record is published correctly.

DKIM, SPF, and DMARC: the complete picture

DKIM is one part of a three-layer email authentication system. SPF specifies which servers can send email for your domain. DKIM proves the email was not altered. DMARC ties them together and tells receivers what to do when emails fail authentication.

For the best deliverability and security, you should have all three configured. Use our DMARC Record Generator to create your DMARC policy, and check your full setup with the Email Domain Checker.

Want to automate your email deliverability?

SendScale handles warm-up, authentication monitoring, and inbox placement so your emails actually land.

Try SendScale Free

Related free tools

Email Domain Checker

Verify your SPF, DKIM, and DMARC

DMARC Generator

Create your DMARC policy record

SPF Lookup

Check your SPF record

DKIM (DomainKeys Identified Mail) is an email authentication method that adds a digital signature to your outgoing emails. The signature is verified using a public key published in your DNS. This proves that emails actually came from your domain and were not altered in transit.