Important Alert: Google and Yahoo will require DMARC starting from Feb 2024.

DKIM Record Generator

Stop your email from being modified during transit with a DKIM record. Our free DKIM Record Generator helps you generate DKIM records in seconds!

DKIM Record Generator

Domain
Please enter a valid domain name, without http:// prefix
Selector
Key Length

Private key

You must enter this key in your DKIM signer. It must be kept secret, as anyone with access to it can stamp tokens pretending to be you

Generated DKIM Record

Please publish the DNS TXT record below on the subdomain

The Generated Public Key is using PEM format and can be published directly on the DNS

DKIM Generator Results Explained

A DKIM record (a DNS TXT record) that contains various tags and their accompanying values is created when you utilize a DKIM record generation tool. These tags detail different DKIM configurations and parameters. Here are some potential DKIM tag outcomes when you use our DKIM generator and their justifications:

v (Version)

Possible value: DKIM1

Explanation: Indicates the version of the DKIM protocol being used. DKIM1 is the current version.

p (Public Key)

Possible value: A long string of characters that represents the public key.

Explanation: This is the public key that email receivers use to verify the digital signature on incoming email messages.

k (Key Type)

Possible value: rsa or ed25519

Explanation: Specifies the cryptographic algorithm used to generate the public key. “rsa” is the most common choice, but “ed25519” is an option for more modern and secure cryptography.

a (Algorithm)

Possible value: The signing algorithm, typically “rsa-sha256” or “ed25519-sha256.”

Explanation: Specifies the cryptographic algorithm used for creating the digital signature. “rsa-sha256” is commonly used with RSA keys, while “ed25519-sha256” is used with Ed25519 keys.

b (Signature Value)

Possible value: A long string of characters representing the digital signature.

Explanation: This tag contains the actual DKIM signature value, which is the result of applying the private key to the canonicalized email headers and body. It’s used to verify the authenticity of the email message.

bh (Body Hash)

Possible value: A long string of characters representing the hash of the canonicalized body.

Explanation: This tag contains the hash value of the canonicalized body of the email message. It is used for body integrity checks and is compared with the hash of the actual message body during verification.

t (Testing Mode)

Possible value: y or s

Explanation: If set to “y,” it indicates that this is a testing or development DKIM record. If set to “s,” it indicates that it’s a production (live) DKIM record.

x (Expiration Time)

Possible value: A timestamp (Unix time).

Explanation: Indicates the date and time at which the DKIM signature should be considered expired. The email receiver may choose to ignore signatures that have passed their expiration time.

g (Granularity)

Possible value: From null to empty string

Explanation: Specifies the granularity of the domain that this DKIM record covers. A null value means the entire domain, while other values can limit the DKIM signature to specific subdomains or subdomain patterns.

s (Selector)

Possible value: A selector name.

Explanation: The selector is a unique name used to distinguish different DKIM records for a domain. It’s typically created by the domain owner and published in the DNS.

How to use a DKIM Record Generator?

DKIM Record Generator

A DKIM record generator is your very own DKIM wizard that helps you instantly create an error-free and accurate TXT record for your domains. To use the free DKIM record generator:

1

Enter your domain name in the designated box (if your website URL is https://company.com, your domain name will be company.com without the prefix)

2

Click on the “Generate DKIM record” button

3

You will receive a DKIM key pair (private and public keys)

4

You need to publish on your public key on your domain’s DNS