DKIM Management
Generate and manage DKIM signing keys for your mail domains to improve email deliverability and authentication.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every outgoing email, proving it was sent from an authorized server. Receiving mail servers verify this signature to confirm the email hasn't been tampered with and is genuinely from your domain. Without DKIM, your emails are far more likely to land in spam.
Pro feature
DKIM key management is available on the Pro plan and above.
Overview
The DKIM page shows all your mail domains with their DKIM status at a glance. Three stat cards at the top summarize:
- Active -- domains with DKIM keys that have been verified in DNS
- Pending DNS -- domains with generated keys waiting for DNS record verification
- Not Configured -- domains that don't have a DKIM key yet
Generating a DKIM key
- Navigate to the DKIM page from the sidebar
- Find the domain you want to configure (use the search bar to filter)
- Click Generate DKIM Key on the domain card
- The dashboard generates a 2048-bit RSA key pair and displays the DNS record you need to add
Adding the DNS record
After generating a key, the domain card shows the DNS TXT record you need to add at your DNS provider:
| Field | Example |
|---|---|
| Record Name | mail._domainkey.example.com |
| Record Value | v=DKIM1; k=rsa; p=MIIBIjANBgk... |
Click the Copy button to copy the full DNS record to your clipboard, then add it as a TXT record at your DNS provider (Cloudflare, Namecheap, Route 53, etc.).
DNS propagation
DNS changes can take up to 48 hours to propagate, though most providers update within minutes. The dashboard will show the key as Pending DNS until verification succeeds.
Key status
Each domain shows one of three statuses:
| Status | Meaning |
|---|---|
| Active | DKIM key is configured and DNS record verified. Outgoing emails are being signed. |
| Pending DNS | Key is generated but the DNS TXT record hasn't been verified yet. Add the record and wait for propagation. |
| Not Configured | No DKIM key exists for this domain. Generate one to start signing emails. |
Regenerating a key
If you need to rotate your DKIM key (recommended periodically for security), click the Regenerate button on the domain card. This generates a new key pair -- you'll need to update the DNS TXT record at your provider with the new value.
Update DNS after regenerating
After regenerating, the old DNS record is no longer valid. Update your DNS TXT record immediately to avoid DKIM verification failures on outgoing mail.
Deleting a key
Click the Delete button to remove a DKIM key. A confirmation dialog warns that outgoing emails from the domain will no longer be DKIM-signed, which may affect deliverability. You can also remove the corresponding DNS TXT record from your provider after deletion.