DKIM record generator

Use Sendmarc’s DKIM record generator to quickly create a DomainKeys Identified Mail (DKIM) key pair and DNS record. This tool simplifies the generation of secure cryptographic keys and creates a correctly formatted DKIM record that can be published in your organization’s DNS to improve email authentication and deliverability.

What is a DKIM record generator?

To understand the role of a DKIM record generator, it’s important to first understand what DKIM is and how it works.

What is DKIM?

DKIM is an email authentication method that confirms that a message hasn’t been altered during transmission.

DKIM attaches cryptographic digital signatures to outgoing emails. This signature is unique to the sending domain and can be verified by the receiving email server using a public key published in the domain’s DNS records.

How does DKIM work?

DKIM relies on a pair of cryptographic keys:

  • Private key: Held securely on the sender’s email server, it generates a digital signature for each outgoing email
  • Public key: Published as a TXT record in the domain’s DNS, it enables the receiving email server to verify the authenticity of the message

When an email is sent, the sender’s email server uses the private key to generate a DKIM signature to verify that specific parts of the message, such as the header and body, haven’t been tampered with. This signature is inserted into the email header.

After receiving the email, the recipient server fetches the public key from the DNS. It uses this key to verify the digital signature. If the signature matches, the message passes DKIM validation, confirming that it hasn’t been tampered with during transit.

What is a DKIM generator?

A DKIM generator is a tool that automates the creation of a cryptographic key pair (private and public keys) and generates the associated DKIM record. Domain owners publish this record in their DNS to enable DKIM authentication.

Using a DKIM generator simplifies a technically complex process and helps ensure the generated record and keys are correctly formatted for deployment.

Why is a DKIM record generator important?

Implementing DKIM correctly is essential for any business that relies on email communication. A DKIM record generator is a critical tool for the following reasons:

Simplifies complex processes

Manually generating DKIM keys requires knowledge of cryptographic standards and precise DNS formatting. A DKIM record generator automates this process, reducing the risk of errors and saving time.

Ensures proper formatting

Incorrectly formatted DKIM records can cause email authentication to fail. Sendmarc’s DKIM record generator creates records that are compatible with all major service providers.

Supports DMARC and SPF integration

DKIM works with Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to create a comprehensive email authentication strategy. A DKIM record generator helps ensure this vital component is implemented correctly.

How to use Sendmarc’s DKIM record generator

Sendmarc’s DKIM generator is simple, even for users new to email authentication. Follow the steps below to generate your company’s DKIM key pair and DNS record.

Step-by-step guide:

1. Enter the domain name

Start by entering the domain that your organization’s emails will be sent from in the DKIM generator

2. Input the details

Name the selector and choose a size for the keys

3. Generate DKIM key pair

Select the Generate DKIM Record button to create a secure private and public key pair:
  • The private key will be used by your business’s email server to cryptographically sign outgoing emails
  • The public key will be included in the DNS record and made publicly accessible for verification

4. Review the DKIM record

The DKIM generator will display a properly formatted DNS TXT record, including the version and public key

5. Add the record to the DNS

Copy the generated TXT record and publish it on selector._domainkey.domain.com

6. Configure the email server

Import the private key into the email server

DKIM generator results explained

When your company generates a DKIM record using the tool, it’ll receive the following:

Private key

This key is used to sign outgoing emails. It must remain secure and confidential. Never share or publish this key.

Public key

This key is included in the DNS record. Receiving email servers use it to validate DKIM signatures and confirm message integrity.

DKIM record

This is a specially formatted DNS TXT record containing the selector, the public key, and other essential DKIM components. It must be published in your organization’s DNS to enable DKIM validation.

Verifying the DKIM record generator results

After publishing your business’s DKIM record, it’s essential to verify that it’s been configured correctly and is functioning as expected.

Validating the DKIM record

Use Sendmarc’s DKIM lookup tool to:

  • Confirm that the TXT record exists
  • Check that the public key format complies with DKIM standards
  • Identify common issues such as:
    • Missing or incomplete records
    • Syntax errors in the DNS entry
    • Mismatched or invalid cryptographic keys

Regular validation ensures the integrity of your company’s email authentication setup and reduces the risk of deliverability issues or security vulnerabilities.

Summary: How Sendmarc’s DKIM record generator works

Step Description
1. Enter the domain Input the domain that requires authentication
2. Generate the DKIM keys The DKIM generator creates a private and public key
3. Receive the DKIM record Get the TXT record containing the public key
4. Publish the DKIM record Add the TXT record to the DNS
5. Configure the email server Upload the private key to the email server
6. Verify setup Use our DKIM lookup tool to validate the record

DKIM record generator FAQs

What is a DKIM generator?

A DKIM generator is a tool that creates a cryptographic key pair (private and public keys) and generates the related DNS TXT record needed to enable DomainKeys Identified Mail (DKIM) authentication for a domain.

A DKIM signature is a digital signature included in the header of an email. The DKIM signature confirms that the message’s content hasn’t been altered during transmission.

DKIM selectors are unique identifiers that help distinguish between multiple DKIM keys used by the same domain. Using selectors allows domain owners to rotate keys without interrupting email authentication.

To generate a DKIM record, use a DKIM record generator. The tool will create a public and private key, as well as a DNS TXT record, which your organization must then publish in its DNS.

A DKIM key pair can be generated using a DKIM key generator. The DKIM generator produces a private key, which is used to sign emails, and a public key, which is published in the DNS and used by receiving email servers for verification.

A DKIM signature is created by the sending email server, which uses the private key to generate a cryptographic signature to confirm that the email header and body content haven’t been altered. This signature is added to the email header as part of the DKIM authentication process.

To set up a DKIM record, first generate a key pair, then publish the provided DNS TXT record on selector._domainkey.domain.com, and configure the email server to sign outgoing emails using the private key.

DKIM records are generally provided by email service providers. These records must be generated and published in the DNS to enable DKIM authentication.

A DKIM record is a DNS TXT record with a value that includes the DKIM version, key type, and public key. An example format is:
Host Type Value
selector._domainkey.yourdomain.com TXT v=DKIM1; k=rsa; p=[YourPublicKeyHere]

While not strictly required, having a DKIM record is highly recommended. A DKIM record helps prevent tampering, enhances email deliverability, and strengthens reputation.

Use our DKIM generator now!

Secure your business’s domain with stronger email security. Protect your company’s clients and improve email deliverability by using Sendmarc’s platform for advanced email authentication.