A DKIM record, short for DomainKeys Identified Mail record, is a type of Domain Name System (DNS) TXT record that stores the public key used to verify the digital signature in an email message. DKIM is an essential email authentication protocol that helps prevent spoofing and ensures message integrity.
What Is a DKIM Record?
A DKIM record enables receiving mail servers to confirm that an email was not altered in transit and that an authorized domain sent it. It works by using cryptographic keys:
- Private key: Used by the sending mail server to generate a unique digital signature added to the email header
- Public key: Published in the sender’s DNS as a DKIM record, which receiving servers use for validation
When a receiving mail server processes an email, it retrieves the DKIM public key from the sender’s domain DNS to verify the email’s digital signature. If the signature matches, the email passes DKIM authentication.
How Does a DKIM Record Work?
The DKIM process involves these steps:
- Email signing: The sending server generates a digital signature using its private key and inserts it into the email header
- DNS lookup: The receiving server queries the sending domain’s DNS for the DKIM record associated with the selector specified in the email header
- Signature verification: The server uses the public key from the DKIM record to validate the email’s signature
- Pass or fail result: If the signature matches, the email is authenticated; if not, it may be flagged or rejected
The DKIM record is stored in DNS under a selector, which allows multiple keys for different services or purposes.
Why Is a DKIM Record Important?
DKIM records are critical for:
- Ensuring email integrity: Confirms that the message content was not altered after leaving the sender’s server
- Improving deliverability: Emails that pass DKIM checks are more likely to reach the inbox instead of the spam folder
- Preventing domain spoofing: Helps protect your brand and recipients from phishing attacks
- Supporting DMARC compliance: DMARC relies on SPF and DKIM alignment to enforce email policies
Without a valid DKIM record, messages may fail authentication and risk being blocked or filtered into spam.
Common Use Cases
DKIM records are widely used for:
- Business email security: Authenticating corporate emails sent through internal or external servers
- Third-party services: Authorizing email marketing platforms, CRMs, and automation tools to send authenticated emails
- Compliance: Meeting email authentication requirements for financial, healthcare, and enterprise organizations
- Deliverability optimization: Aligning authentication standards to improve inbox placement rates
Example scenario: A company adds a DKIM record for its domain when configuring Google Workspace or Microsoft 365. This ensures all outbound emails include a verifiable digital signature, reducing the risk of being flagged as spam.
FAQs About DKIM Record
How do I find my DKIM record?
Check your DNS settings or use online lookup tools to view the DKIM TXT record associated with your domain.
Can a domain have multiple DKIM records?
Yes. Multiple selectors allow separate DKIM keys for different services or servers.
Does DKIM guarantee email deliverability?
No. DKIM improves authentication and trust, but deliverability also depends on SPF, DMARC, list quality, and engagement.
