DKIM Record
From: https://support.google.com/a/answer/174124?sjid=16475661690433716483
-NC
Help prevent spoofing and spam with DKIM
Protect against spoofing & phishing, and help prevent messages from being
marked as spam
Set up DKIM to help protect your domain against spoofing, and help prevent
your outgoing messages from being marked as spam. Spoofing is a type of
email attack that forges the From address of an email message. A spoofed
message appears to be from the impersonated organization or domain. DKIM
detects when a message has been modified, and when unauthorized changes are
made to the message From: address.
Without DKIM, messages sent from your organization or domain are more
likely
to be marked as spam by receiving mail servers. Learn more about preventing
messages to Gmail users from being blocked or sent to spam.
Email authentication requirements for sending to Gmail accounts
Google performs checks on messages sent to Gmail accounts to verify
messages
are authenticated. To help ensure these messages are delivered as expected,
set up email authentication for your domain. We recommend you always set up
SPF and DKIM to protect your organization’s email, and to meet the
authentication requirements described in Email sender guidelines. If you
use
an email service provider: Verify that your provider's authentication
methods meet the requirements in Email sender guidelines. If you regularly
forward email: Follow our Best practices for forwarding email to Gmail to
help ensure messages are delivered as expected.
If your domain provider is Google Domains, Google automatically creates a
DKIM key, and adds the key to your domain’s DNS records when you set up
Google Workspace. Go directly to Turn on DKIM in your Admin console.
SPF and DKIM help prevent spammers from impersonating your organization.
How DKIM helps prevent spoofing and spam
Helps prevent spoofing
DKIM is a standard email authentication method that adds a digital
signature
to outgoing messages. Receiving mail servers that get messages signed with
DKIM can verify messages actually came from the sender, and not someone
impersonating the sender. DKIM also checks to make sure message contents
aren’t changed after the message has been sent.
When receiving servers can verify messages are from you, your messages are
less likely to be marked as spam.
With DKIM authentication, you improve the likelihood that legitimate
messages are delivered to recipients’ inboxes. Receiving servers can
verify messages are actually from your domain, and aren't forged.
Helps deliver messages to recipients’ inboxes
DKIM helps receiving email servers verify that messages are actually from
the organization shown in the email. When servers can verify that messages
are from your organization, they're less likely to mark them as spam. This
helps ensure messages are delivered to recipients’ inboxes because the
receiving server can validate the message came from your domain, and
isn’t
forged.
What you need to do
Before you set up DKIM
- Get the sign-in information for your domain provider
- Find out if your domain provider supports 2048-bit DKIM keys
- Understand DNS TXT records
- Check outbound gateway settings
- (Optional) Check for an existing DKIM key for your domain
For details, go to Before you set up DKIM.
Turn on DKIM for your domain
- Step 1: Get your DKIM key in your Admin console
- Step 2: Add your DKIM key at your domain provider
- Step 3: Turn on DKIM in your Admin console
- Step 4: Verify DKIM signing is on
For details, go to Turn on DKIM for
your domain.
Troubleshoot DKIM issues
- Verify DKIM is set up correctly
- Verify messages pass DKIM authentication
- Check message forwarding
- Contact the admin for servers that reject DKIM-authenticated messages
- Verify your domain providers TXT record character limits
- Review your email sending practices
For details, go to Troubleshoot DKIM issues.