H
10Corp Premium Hosting

Configuring DKIM Records

Last Updated: March 2026 3 min read

Overview

DKIM (DomainKeys Identified Mail) is an email authentication standard that uses cryptographic signatures to verify that a message was sent by an authorized server and has not been altered in transit. Along with SPF and DMARC, DKIM is a critical component of email security and deliverability.

How DKIM Works

  1. Key generation — Your email server or provider generates a pair of cryptographic keys: a private key (kept on the mail server) and a public key (published in DNS).
  2. Signing — When your server sends an email, it uses the private key to create a digital signature based on the message headers and body. This signature is added to the email as a DKIM-Signature header.
  3. Verification — The receiving server extracts the signature, looks up your public key in DNS, and uses it to verify the signature. If it matches, the message is confirmed as authentic and unaltered.

Setting Up DKIM

Step 1: Generate DKIM Keys

How you generate DKIM keys depends on your email service:

  • Hosting with cPanel — Go to Email > Email Deliverability and enable DKIM. cPanel generates the keys automatically.
  • Google Workspace — Go to Admin Console > Apps > Google Workspace > Gmail > Authenticate email > Generate new record.
  • Microsoft 365 — Go to Security > Email authentication > DKIM > select your domain > Create DKIM keys.
  • Other providers — Check your provider’s documentation for DKIM setup instructions.

Step 2: Add the Public Key to DNS

The public key is published as a TXT record (or sometimes a CNAME record) in your domain’s DNS. Log in to your 10Corp domain management dashboard and add the record.

A typical DKIM TXT record looks like:

TypeHost/NameValue
TXTselector._domainkeyv=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3…
  • selector — A label chosen by your provider (e.g., google, s1, default). Each provider uses its own selector.
  • v=DKIM1 — Identifies the record as DKIM.
  • k=rsa — The key type.
  • p= — The public key data (a long Base64-encoded string).

Some providers (like Microsoft 365) use CNAME records instead, pointing to a key hosted on their servers.

Step 3: Enable DKIM Signing

Return to your email provider’s admin panel and enable DKIM signing for your domain. The server will now sign all outgoing messages.

Verifying DKIM

  • Send a test email to a Gmail address and view the original message headers. Look for dkim=pass in the Authentication-Results header.
  • Use online tools like MXToolbox DKIM Lookup — enter your domain and selector to check the public key.
  • Command line: nslookup -type=TXT selector._domainkey.yourdomain.com

Multiple DKIM Records

Unlike SPF, you can have multiple DKIM records as long as each uses a different selector. This is common when you use multiple email services (e.g., one for regular email and one for marketing).

Common Issues

  • Key not found — DNS propagation can take up to 48 hours. Wait and try again.
  • Signature mismatch — Ensure you copied the full public key without extra spaces or line breaks.
  • DKIM not signing — Verify that DKIM signing is actually enabled in your email service’s settings.
Tags: email dkim dns authentication deliverability
Back to Email All Categories

Still need help?

Our support team is available 24/7 to assist you.

Open a Ticket Live Chat