DomainKeys Identified Mail (DKIM) is an email authentication standard that helps in preventing phishing, email spoofing, and spam, thus ensuring the safe deliverability of emails. It legitimizes the email, which, in turn, lets the recipient know that the email originated from a particular organization and has been verified. This way, no notorious group or individual can impersonate the organization and send emails on its behalf.
For detailed information on DomainKeys Identified Mail, read more on What is DKIM?
DKIM can be set up in these three steps:
- Generate a public key for your domain
- Integrate the public key into the domain’s DNS records
- Enable DKIM signing to add DKIM signatures to all outgoing messages
- Creating the key for the Domain
You must be a super admin to set up DKIM on your Google Workspace.
- Sign in to your Google Admin Console.
- Navigate to ‘Apps > Google Workspace > Gmail’.
- Authenticate your email.
- You will notice that your primary domain has been selected by default. Click on ‘Domain Name’ and select the domain where you wish to configure DKIM.
- Search for the ‘Generate New Record’ option and click on it.
Note: 2048-bit keys are more secure than 1024-bit keys. Select the DKIM key bit length keeping in mind the length supported by your domain.
- Click on ‘Generate.’
Note: A TXT record value has the text to update the DNS record at the host.
- Adding the generated DKIM key to the domain DNS records
- Login to your Domain host and sign in to the Management console.
- Navigate to the page where the DNS records are updated.
- Add a TXT record using the following steps:
Under the ‘DNS Host name’, enter the text as shown in the Admin Console.
Now, check for ‘TXT record value’ and enter the text shown in the Admin Console.
- Recheck your changes and click on ‘SAVE’.
Note: It takes 24-48 hours for authentication to start.
- Enabling DKIM signing
- Sign in to your Google Admin Console again.
- Go to ‘Apps > Google Workspace > Gmail’.
- Click on ‘Authenticate email’.
- Select the domain name where you want to enable email signing.
- Click ‘Start Authentication’. When the process is complete, the status should change to ‘Authenticating email’.