Free DKIM Record Generator
Stop your email from being modified during transit with a DKIM record. Our free DKIM Record Generator helps you create DKIM records in seconds!
DKIM Record Generator
Domain
Please enter a valid domain name, without http:// prefix
Selector
Key Length
Private key
You must enter this key in your DKIM signer. It must be kept secret, as anyone with access to it can stamp tokens pretending to be you
Generated DKIM Record
Please publish the DNS TXT record below on the subdomainThe Generated Public Key is using PEM format and can be published directly on the DNS
Setup DKIM the right way with PowerDMARC!
How to use our DKIM Record Generator
A DKIM record generator is your very own DKIM wizard that helps you instantly create an error-free and accurate TXT record for your domains. To use the free DKIM record generator:
Enter your domain name in the designated box (if your website URL is https://company.com, your domain name will be company.com without the prefix)
Click on the “Generate DKIM record” button
You will receive a DKIM key pair (private and public keys)
You need to publish on your public key on your domain’s DNS
Adding your DKIM Record to the DNS
To add DKIM record to your DNS you can follow the steps given below:
Access your DNS settings
Access the control panel on the website of your DNS hosting company or your domain registrar. The DNS settings for your domain should be accessible to you as the administrator.
DKIM Generator Results Explained
A DKIM record is a DNS TXT record that contains various tags and their accompanying values is created when you utilize a DKIM record generation tool. These tags detail different DKIM configurations and parameters. Here are some potential DKIM tag outcomes when you use our DKIM generator and their justifications:
v (Version)
Possible value: DKIM1
Explanation: Indicates the version of the DKIM protocol being used. DKIM1 is the current version.
p (Public Key)
Possible value: A long string of characters that represents the public key.
Explanation: This is the public key that email receivers use to verify the digital signature on incoming email messages.
k (Key Type)
Possible value: rsa or ed25519
Explanation: Specifies the cryptographic algorithm used to generate the public key. “rsa” is the most common choice, but “ed25519” is an option for more modern and secure cryptography.
a (Algorithm)
Possible value: The signing algorithm, typically “rsa-sha256” or “ed25519-sha256.”
Explanation: Specifies the cryptographic algorithm used for creating the digital signature. “rsa-sha256” is commonly used with RSA keys, while “ed25519-sha256” is used with Ed25519 keys.
b (Signature Value)
Possible value: A long string of characters representing the digital signature.
Explanation: This tag contains the actual DKIM signature value, which is the result of applying the private key to the canonicalized email headers and body. It’s used to verify the authenticity of the email message.
bh (Body Hash)
Possible value: A long string of characters representing the hash of the canonicalized body.
Explanation: This tag contains the hash value of the canonicalized body of the email message. It is used for body integrity checks and is compared with the hash of the actual message body during verification.
t (Testing Mode)
Possible value: y or s
Explanation: If set to “y,” it indicates that this is a testing or development DKIM record. If set to “s,” it indicates that it’s a production (live) DKIM record.
x (Expiration Time)
Possible value: A timestamp (Unix time).
Explanation: Indicates the date and time at which the DKIM signature should be considered expired. The email receiver may choose to ignore signatures that have passed their expiration time.
g (Granularity)
Possible value: From null to empty string
Explanation: Specifies the granularity of the domain that this DKIM record covers. A null value means the entire domain, while other values can limit the DKIM signature to specific subdomains or subdomain patterns.
s (Selector)
Possible value: A selector name.
Explanation: The selector is a unique name used to distinguish different DKIM records for a domain. It’s typically created by the domain owner and published in the DNS.
