Authenticate email with DKIM

About DKIM

Help prevent email spoofing on outgoing messages


Use the DomainKeys Identified Mail (DKIM) standard to help prevent email spoofing on outgoing messages.

Email spoofing is when email content is changed to make the message appear to come from someone or somewhere other than the actual source. Spoofing is a common unauthorized use of email, so some email servers require DKIM to prevent email spoofing.

DKIM adds a cryptographic signature to the header of all outgoing messages. Email servers that get these messages use the domain's public key to check the signature in the message header and verify the message was not changed after it was sent.

Use DKIM with SPF and DMARC

Along with DKIM, we recommend setting up Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC). DKIM verifies message content is authentic and not changed. SPF specifies domains that can send messages for your organization. DMARC specifies how your domain handles suspicious emails.

If you don't set up DKIM, Gmail uses default DKIM

DKIM signing increases email security and helps prevent email spoofing. We recommend you use your own DKIM key on all outgoing messages.

If you don't turn on email signing with your own domain DKIM key, Gmail signs all outgoing messages with this default DKIM domain key: d=*.gappssmtp.com. Email sent from servers outside of mail.google.com won't be signed with the default DKIM key.

Steps to set up DKIM

  1. Generate the domain key for your domain.
  2. Add the public key to your domain's DNS records. Email servers can use this key to verify the DKIM signatures in message headers.
  3. Turn on DKIM signing to start adding a DKIM signature to all outgoing messages.
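
After turning on signing, you can confirm that a sent message carries your own domain's signature rather than the default gappssmtp.com one described above. The following is an added example, not code from Google: it reads the DKIM-Signature headers of a raw message and reports the signing domain (d=), the selector (s=) and the DNS name where the public key is expected. The sample messages, the selector `sel1` and the domain `example.com` are constructed for illustration.

```python
import email
from email import policy

DEFAULT_SUFFIX = "gappssmtp.com"  # default signing domain named on this page

def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Whitespace left over from header folding is not significant.
            tags[name.strip()] = "".join(value.split())
    return tags

def classify_signatures(raw_message, own_domain):
    """Return one dict per DKIM-Signature header found in raw_message."""
    own_domain = own_domain.lower()
    msg = email.message_from_string(raw_message, policy=policy.default)
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_dkim_tags(str(value))
        d = tags.get("d", "").lower().rstrip(".")
        s = tags.get("s", "")
        if d == DEFAULT_SUFFIX or d.endswith("." + DEFAULT_SUFFIX):
            kind = "default"   # signed with the default key, not your own
        elif d == own_domain or d.endswith("." + own_domain):
            kind = "own"       # assumption: subdomains count as your domain
        else:
            kind = "other"
        results.append({"d": d, "s": s, "kind": kind,
                        "dns": f"{s}._domainkey.{d}"})
    return results

# Constructed sample messages; bh= and b= values are placeholders.
BODY = "From: alice@example.com\nTo: bob@example.net\nSubject: test\n\nhello\n"
SAMPLE_DEFAULT = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n"
                  "        d=example-com.20230601.gappssmtp.com; s=20230601;\n"
                  "        h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER\n"
                  + BODY)
SAMPLE_OWN = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n"
              "        d=example.com; s=sel1;\n"
              "        h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER\n"
              + BODY)

if __name__ == "__main__":
    for name, raw in (("default", SAMPLE_DEFAULT), ("own", SAMPLE_OWN)):
        print(name, classify_signatures(raw, "example.com"))
```

This only inspects which domain signed the message; it does not verify the signature itself.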