What is DKIM Record?

DKIM (DomainKeys Identified Mail) is a mechanism that allows senders to associate a domain name with an e-mail message. In technical terms, DKIM is a technique to authorize a domain to associate its name to an email message through cryptographic authentication. Once you sign an email with DKIM, you add a DKIM signature header and encrypt it. The sending email server is signing the emails with the private key. The recipient can use the DKIM record by performing a DNS query on the domain. There is a public key inside that the recipient uses to confirm the message is legit and verify the sender using the information in the header. The DKIM record is a way to prove emails can be trusted.

DKIM has the following look in your ClouDNS Control Panel:

Host Type Points to: TTL
_domainkey.yourdomain.com TXT DKIM-specific-text 3600

In ClouDNS, you can use it by creating a TXT record.

Why do you need a DKIM record?

DKIM provides an encryption key and digital signature that verifies that an email message was not forged or altered. The properly implemented DKIM record will improve the security of your email deliverability significantly. Thanks to the DKIM record, your recipients will have more trust in your domain. There will not be phishing or spoofing attacks on behalf of your domain. That way, your recipients will be safe, and you guarantee the positive reputation of your domain. DKIM record provides security to your domain’s mail server, and you can combine it with other DNS records like DMARC for even better protection. In addition, it is very easy to create it!

How to create a DNS DKIM Record?

To create DKIM, go to your DNS Zone Control Panel, click on "Add new record" and type, as follow:

Type: TXT
Host: (something.)_domainkey
Points to: DKIM-specific-text


Host: The host is given you by the domain key generator (it may be something._domainkey or only _domainkey)

Points to: DKIM-specific-text (this string here is also given by the DKIM generator)

You can see the example below:

DKIM record

How to add a DKIM record - Step by Step video:

How to start managing DKIM records for your domain name?

  1. Open free account from here - free forever
  2. Verify your e-mail address
  3. Log into your control panel
  4. Create new Master DNS from the [add new] button - read more here
  5. Add or modify the DKIM records you need as it is described in this article

DKIM record vs. SPF record

With the SPF record, you can specify precisely which mail servers and IP addresses are allowed to send email messages on behalf of your domain. It helps detect forgery and prevent spam. On the other hand, the DKIM record provides an encryption key and digital signature that confirms that an email message was not forged or modified. It prevents the delivery of harmful emails like spam. It is best if you use both DNS records for complete security and to ensure safe email communication.

DKIM record vs. DMARC record

DKIM record is a cryptographic signature added to outgoing emails to verify their authenticity and prevent spoofing. It confirms that the email originated from the genuine domain and hasn't been tampered with. On the other hand, the DMARC (Domain-based Message Authentication, Reporting and Conformance) record is a policy framework that is built on DKIM and SPF (Sender Policy Framework) to specify how email receivers should handle messages that fail authentication. It helps protect against phishing and spoofing attacks by providing email authentication and reporting mechanisms.

How to check DKIM records?

It is actually really easy to check your DKIM records. Here is how to do it in several different ways:

Nslookup command
You can use this command if you are a Windows, Linux, or macOS user. Type the following to find all TXT records for the specific host, including DKIM records:

nslookup selector._domainkey.domain txt

Dig command
The Dig command is a perfect option for anyone using Linux or macOS. Simply write the following, and you will view all the available TXT records for the specific host:

dig selector._domainkey.domain txt

Host command
The Host command is another great tool that can help you check your DKIM record. Type the following:

host -t txt _domainkey.domain.com

*Make sure to replace "selector" and "domain" with the corresponding DKIM selector and domain you want to check.

In case you prefer to use an online tool, you can check your DKIM record with ClouDNS Free DNS tool!

Support of DKIM records

ClouDNS provides full support for DKIM records for all our DNS services, including the listed below. Just write to our technical support, if you need any assistance with your DKIM records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.

Benefits of DKIM record

The implementation of DKIM records provides several advantages, including the following:

  • Improved Deliverability: Increased email deliverability and reduced chances of being flagged as spam.
  • Improved Security: Protection against email spoofing and phishing attacks, safeguarding both the organization and its recipients.
  • Brand Protection: Enhanced brand reputation by ensuring that messages are verified and authenticated. DKIM helps protect the brand and the sender's domain.
  • Compliance: In some industries, compliance with standards and regulations, such as GDPR and HIPAA is necessary. Implementing DKIM can help organizations meet regulatory requirements.


Question: Is DKIM a replacement for SPF or DMARC?

Answer: No, DKIM is not a replacement for SPF or DMARC. These email authentication methods complement each other. SPF helps verify that the sending server is authorized to send emails on behalf of the domain, while DKIM focuses on email integrity. DMARC provides policies and reporting to align SPF, DKIM, and other email authentication mechanisms, offering comprehensive protection against email-based threats.

Question: Can DKIM records prevent all types of email-based attacks?

Answer: While DKIM record provides a strong layer of email authentication, it is not a foolproof solution against all email-based attacks. DKIM primarily focuses on verifying the authenticity and integrity of emails. To maximize protection, it is recommended to implement other email authentication methods such as SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance).

Question: Is DKIM compatible with all email service providers?

Answer: Yes, DKIM is compatible with most major email service providers. It works seamlessly with popular email platforms such as Gmail, Outlook, and Yahoo Mail.

Question: Can I use DKIM records for personal and business email domains?

Answer: Yes, DKIM can be implemented for both personal and business email domains. It is an effective solution for anyone looking to enhance email security, reduce spam, and establish trust with email recipients.

Last modified: 2024-04-10
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more