
DKIM works by generating a matched key pair. Your mail server uses the private key to sign every outgoing message. The public key is published in your DNS so receiving servers can verify those signatures. Use this generator to create that key pair. The private key is generated entirely in your browser and is never sent to any server. Copy it into your mail platform, then add the DNS record to your domain.

If you use Microsoft 365 or Google Workspace, DKIM key generation is handled inside those platforms rather than through a standalone generator. Use this tool if you manage your own mail server or if your email platform requires you to supply your own key pair.

Key settings
Selector: A label that identifies this key in your DNS. Use a simple name like mail, dkim, or the current year. Must contain only letters, numbers, and hyphens.
Domain: The domain this DKIM key will sign email for.
Key size: 2048-bit is the current standard. 4096-bit is stronger but may not be supported by all DNS providers due to TXT record size limits.
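
The steps described above (generate the pair, keep the private key for the mail platform, publish the public key in DNS) can be reproduced offline. This is an added example for Node.js, not this site's generator code; the function names, the selector "mail" and the domain "example.com" are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// The page's rule for the key label (DKIM selector): letters, numbers, hyphens.
const SELECTOR_RE = /^[A-Za-z0-9-]+$/;

function generateDkimRecord(selector, domain, bits = 2048) {
  if (!SELECTOR_RE.test(selector)) throw new Error(`invalid selector: ${selector}`);
  if (![2048, 4096].includes(bits)) throw new Error('key size must be 2048 or 4096');

  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: bits,
    publicKeyEncoding: { type: 'spki', format: 'der' },   // p= carries base64 of this DER
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }, // goes to the mail server only
  });

  const value = `v=DKIM1; k=rsa; p=${publicKey.toString('base64')}`;
  // One TXT character-string holds at most 255 bytes, so longer values are
  // published as several quoted strings that resolvers concatenate.
  const chunks = value.match(/.{1,255}/g);
  const name = `${selector}._domainkey.${domain}`;
  const zoneLine = `${name}. IN TXT ( ${chunks.map((c) => `"${c}"`).join(' ')} )`;
  return { name, value, chunks, zoneLine, privateKey };
}

// Confirms the published p= value belongs to the private key the server signs with:
// sign a test message with the private key, verify with the key parsed from the record.
function recordMatchesKey(value, privateKeyPem) {
  const m = /(?:^|;)\s*p=([A-Za-z0-9+/=]+)/.exec(value);
  if (!m) return false;
  const pub = crypto.createPublicKey({ key: Buffer.from(m[1], 'base64'), format: 'der', type: 'spki' });
  const msg = Buffer.from('dkim key-pair self-test');
  const sig = crypto.sign('sha256', msg, privateKeyPem);
  return crypto.verify('sha256', msg, pub, sig);
}

// Constructed sample inputs: selector "mail", domain "example.com".
const demo = generateDkimRecord('mail', 'example.com');
console.log(demo.zoneLine);
console.log('record matches private key:', recordMatchesKey(demo.value, demo.privateKey));
```

A 2048-bit record value is split into two TXT strings and a 4096-bit one into three, which is where the DNS provider size limits mentioned above come into play.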

Frequently asked questions

DKIM adds a digital signature to every email your domain sends. Receiving servers use that signature to confirm the message genuinely came from your domain and was not tampered with in transit. This makes it much harder for attackers to forge emails that appear to come from your business.

Your mail server uses a private key to sign outgoing messages. The public key is published in your DNS as a DKIM record so receiving servers can verify those signatures. The private key should never be shared or published. The generator on this page helps you build the DNS record that holds the public key.

Yes. SPF and DKIM protect against different types of email fraud and work together. SPF verifies that the sending server is authorized. DKIM verifies that the message content was not changed. DMARC then uses both SPF and DKIM results to enforce your email authentication policy. Having all three gives your domain the strongest protection.