🔐 Authentication

How to Fix DKIM: Complete Setup Guide

📅 Updated March 2026⏱ 7 min read📋 Step-by-Step

DKIM (DomainKeys Identified Mail) is a cryptographic signature that proves your email actually came from your domain. Without it, Gmail, Outlook, and Yahoo will almost certainly send your email to spam.

This guide shows you exactly how to set up DKIM for every major email provider, with screenshots and troubleshooting tips.

💡First: Run a test at CheckEmailDelivery.com to confirm DKIM is actually your problem. It takes 60 seconds.

What is DKIM?

When you send an email, your server attaches a cryptographic signature to the message header. The receiving server then looks up your public key (stored as a DNS TXT record) and verifies the signature matches. If it does, the email passes DKIM.

🔑Private Key

Stays on your email server

📝Public Key

Published in DNS TXT record

Verification

Receiving server checks match

Setup Instructions by Provider

📧

Google Workspace

Easy15 min
  1. 1
    Go to admin.google.com → Apps → Google Workspace → Gmail → Authenticate Email
  2. 2
    Select your domain and click Generate New Record
  3. 3
    Choose a DKIM key length (2048-bit recommended)
  4. 4
    Copy the TXT record value that appears
  5. 5
    In your DNS provider, add a TXT record:
    Record Name
    google._domainkey
    Record Value
    v=DKIM1; k=rsa; p=MIGfMA0GCS...
  6. 6
    Wait 24–48 hours for DNS propagation, then click Start Authentication in Google Admin
📬

Microsoft 365

Medium20 min
  1. 1
    Go to admin.microsoft.com → Settings → Domains → Select your domain
  2. 2
    Click DNS records and find the DKIM CNAME records
  3. 3
    Add both CNAME records to your DNS:
    CNAME 1
    selector1._domainkey → selector1-yourdomain-com._domainkey.yourdomain.onmicrosoft.com
    CNAME 2
    selector2._domainkey → selector2-yourdomain-com._domainkey.yourdomain.onmicrosoft.com
  4. 4
    Go to Microsoft 365 Defender → Email & Collaboration → Policies → DKIM
  5. 5
    Select your domain and toggle Sign messages with DKIM to On
✉️

Zoho Mail

Easy10 min
  1. 1
    Go to mailadmin.zoho.com → Domains
  2. 2
    Click your domain → Email Configuration → DKIM
  3. 3
    Click Add Selector and generate a key
  4. 4
    Copy the TXT record and add it to your DNS
  5. 5
    Click Verify in Zoho once DNS propagates

Common DKIM Problems

DKIM=neutral (no signature)

Your email provider is not signing emails. Go back to your provider's admin console and enable DKIM signing.

DKIM=fail (bad signature)

The DNS record doesn't match. Check for typos in the TXT record or try regenerating the key.

DKIM=temperror (DNS timeout)

The receiving server couldn't reach your DNS. This usually resolves itself. If persistent, check your DNS provider's status.

Verify Your Setup

After setting up DKIM, wait 24–48 hours for DNS propagation, then verify:

  1. Run a test at CheckEmailDelivery.com — we check DKIM automatically
  2. Send a test email to Gmail and check the headers (click the three dots → "Show original") — look for dkim=pass
  3. Use a DNS lookup tool to verify your TXT record exists at [selector]._domainkey.yourdomain.com
🎯Need help? If you're still having trouble, run a test at CheckEmailDelivery.com and we'll show you exactly what's wrong.

Related Guides

DELIVERABILITYWhy Emails Go to Spam: 12 ReasonsAUTHENTICATIONSPF Record Setup GuideAUTHENTICATIONWhat is DMARC? Complete Guide