DKIM Record Generator
Stop your email from being modified during transit with a DKIM record. Our free DKIM Record Generator helps you generate DKIM records in seconds!
DKIM Generator Results Explained
A DKIM record (a DNS TXT record) that contains various tags and their accompanying values is created when you utilize a DKIM record generation tool. These tags detail different DKIM configurations and parameters. Here are some potential DKIM tag outcomes when you use our DKIM generator and their justifications:
v (Version)
Possible value: DKIM1
Explanation: Indicates the version of the DKIM protocol being used. DKIM1 is the current version.
p (Public Key)
Possible value: A long string of characters that represents the public key.
Explanation: This is the public key that email receivers use to verify the digital signature on incoming email messages.
k (Key Type)
Possible value: rsa or ed25519
Explanation: Specifies the cryptographic algorithm used to generate the public key. “rsa” is the most common choice, but “ed25519” is an option for more modern and secure cryptography.
a (Algorithm)
Possible value: The signing algorithm, typically “rsa-sha256” or “ed25519-sha256.”
Explanation: Specifies the cryptographic algorithm used for creating the digital signature. “rsa-sha256” is commonly used with RSA keys, while “ed25519-sha256” is used with Ed25519 keys.
b (Signature Value)
Possible value: A long string of characters representing the digital signature.
Explanation: This tag contains the actual DKIM signature value, which is the result of applying the private key to the canonicalized email headers and body. It’s used to verify the authenticity of the email message.
bh (Body Hash)
Possible value: A long string of characters representing the hash of the canonicalized body.
Explanation: This tag contains the hash value of the canonicalized body of the email message. It is used for body integrity checks and is compared with the hash of the actual message body during verification.
t (Testing Mode)
Possible value: y or s
Explanation: If set to “y,” it indicates that this is a testing or development DKIM record. If set to “s,” it indicates that it’s a production (live) DKIM record.
x (Expiration Time)
Possible value: A timestamp (Unix time).
Explanation: Indicates the date and time at which the DKIM signature should be considered expired. The email receiver may choose to ignore signatures that have passed their expiration time.
g (Granularity)
Possible value: From null to empty string
Explanation: Specifies the granularity of the domain that this DKIM record covers. A null value means the entire domain, while other values can limit the DKIM signature to specific subdomains or subdomain patterns.
s (Selector)
s (Selector)
Possible value: A selector name.
Explanation: The selector is a unique name used to distinguish different DKIM records for a domain. It’s typically created by the domain owner and published in the DNS.
How to use a DKIM Record Generator?
A DKIM record generator is your very own DKIM wizard that helps you instantly create an error-free and accurate TXT record for your domains. To use the free DKIM record generator:
Enter your domain name in the designated box (if your website URL is https://company.com, your domain name will be company.com without the prefix)
Click on the “Generate DKIM record” button
You will receive a DKIM key pair (private and public keys)
You need to publish on your public key on your domain’s DNS
Creating a DKIM Record for Your Domain
In order to authenticate and secure email, your domain has to create DKIM record. DKIM makes it possible to confirm the legitimacy of the sender’s domain and guarantees that the email message was not changed in transit. This is essential for reducing the risk of email spoofing and phishing scams as well as for increasing email deliverability.
Here’s why it matters:
- DKIM’s authentication feature increases trust and lessens the chance of phishing by enabling email recipients to confirm that the message they received indeed originated from the domain it claims to be from
.
- To guarantee that the email has not been tampered with during transmission, DKIM digitally signs the email’s content and headers.
- To ascertain whether an email is authentic, several email services employ DKIM as one of the parameters. Your email’s chances of arriving in the recipient’s inbox as opposed to the spam bin can be increased if it has a verified DKIM signature.
The general procedures for creating a DKIM record for your domain are as follows:
The public-private key pair for DKIM can be generated using our DKIM generator tool. The public key is made available in your DNS records, while the private key is used to sign emails that are sent out.
Add the public key to your DNS as a TXT record, you must add the public DKIM key to the DNS records for your domain. The record is typically named default._domainkey.yourdomain.com, where yourdomain.com is your domain name, and it must adhere to a specified format.
To sign outgoing emails using the private DKIM key, you must set up your email server or service provider.
Adding your DKIM Record to the DNS
To add DKIM record to your DNS you can follow the steps given below:
Access your DNS settings
Access the control panel on the website of your DNS hosting company or your domain registrar. The DNS settings for your domain should be accessible to you as the administrator
Find DNS Settings
Look for a menu item or section in your DNS administration interface that is devoted to managing DNS settings, DNS records, or both. Depending on your DNS hosting provider, it can have a different label.
Add a New DNS TXT Record
Look for the option to add a new DNS record in the DNS management interface. Make “TXT” the record type selection. Your DNS provider may have different instructions, but generally speaking, adding or creating a new DNS record should be an option.
Save the Data
Save the DNS TXT record after entering the data. Depending on your DNS hosting provider, the procedure for saving or applying changes may change.
Put in the DKIM record details
You must enter the data that the DKIM generator tool provides. Typically, this contains the following:
- Name/Host/Hostname: The selector and domain should be used, for example, default._domainkey.yourdomain.com.
- Time to Live (TTL): Set the TTL value to specify how long DNS resolvers should keep the record in their cache. The standard number is 3600 (one hour), however you can change it as necessary.
- Value/Text: The DKIM generating tool’s public DKIM key is copied and pasted into the value field. It needs to be enclose in double quotes
DKIM Key Selector (s=) Explained
Your selector is appended to the very beginning of your record as a prefix. If you analyze your message header, you will find it in the s= tag which is useful in retrieving the public key from your DNS.
Can a domain have 2 DKIM records?
Yes. You may generate and publish 2 or more DKIM records for the same domain using our DKIM generator. This is a recommended practice for enhancing your DKIM protection, so you can rotate your keys periodically by shuffling between the different records created.
Why do you need a DKIM generator tool?
Using our DKIM wizard will save you the time and effort involved in manually creating your DKIM record that is susceptible to human error. If you are just starting out on your email authentication implementation journey, you can rely on our DKIM record generator to help you generate DKIM keys in seconds and kick-start authentication the right way!
Leave out the guesswork, and make sure you configure DKIM correctly for your domain with your very own DKIM generator tool!
What Our Clients & Partners Say About Us
“Our business is based on trust, not only between us and clients but partners as well. The great partnership we have with PowerDMARC allows us to deliver exceptional services to our clients.“
Steve Smith | Auckland Regional Manager, Advantage
