DKIM Record Generator

DKIM signing requires a public key published in DNS. This tool generates the correct record format for your selector and public key.

Generate DKIM DNS Record

Selector

Common selectors: google, s1, s2, mail, selector1, selector2

Domain

Public Key (base64, without -----BEGIN/END----- lines)

Get this from your email sending service (Google Workspace, SendGrid, Postfix, etc.)

How DKIM Works

Your mail server signs outgoing emails with a private key. The recipient's server fetches your public key from DNS and verifies the signature. This proves the email wasn't tampered with in transit.

Finding Your Public Key

Your ESP (Google Workspace, Microsoft 365, SendGrid, Mailgun) generates the key pair. They give you the public key to publish in DNS. The format is: v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY