Strong Authentication With DKIM

Generate a valid DKIM TXT in seconds. Paste your public key, add selector & domain, copy & publish.

  • Cleans PEM input automatically (removes headers/line breaks).
  • Validates selector & domain format before building the record.
  • Copy-ready host, TXT value, and full BIND zone line.
Open DKIM Generator
DKIM Generation

What is a DKIM Record?

DKIM (DomainKeys Identified Mail) lets receivers verify that messages were authorized by your domain and not altered in transit. You publish a TXT record at <selector>._domainkey.<domain> containing your public key. Sending systems sign messages with the private key; receivers validate with this TXT.

A solid DKIM setup improves deliverability and is a core requirement for DMARC. Use DKIM together with SPF and DMARC for best results.

DKIM concept
DKIM validation

How To Create a DKIM Record?

Pick a short selector name (e.g. selector1) and generate a DKIM keypair (2048-bit recommended) in your mail system or MTA.

Host: <selector>._domainkey.<your-domain>
Value: v=DKIM1; k=rsa; p=<public-key>

Load the private key and selector in your MTA or provider. Send a test mail and verify with a DKIM checker.

Rotate selectors periodically and remove unused ones. Keep keys at 2048-bit for modern requirements.

DKIM RECORD GENERATOR

Paste your public key (PEM or raw), add selector and domain. We’ll clean and build the exact DNS TXT.

Lowercase letters, digits, and dashes only (max 63 chars).
Please provide a valid selector (a–z, 0–9, -).
Please provide a valid domain (no protocol, no path).
PEM headers and line breaks are removed automatically.
Public key is required.

Your DKIM Record

Publish as a TXT at the hostname below.

Zone file format (host IN TXT "…").
DKIM Generator

Frequently Asked Questions

Common questions about DKIM records

The selector lets you publish multiple keys for the same domain and rotate them safely.

Use RSA 2048-bit minimum. Some providers also support 1024/4096; 2048 is the modern baseline.

Create a TXT at <selector>._domainkey.<domain> and paste the generated value.

DNS supports quoted string splitting. Most UIs do this automatically; if not, split into multiple quoted chunks.