Page Outline

DKIM Records

DomainKeys Identified Mail (DKIM) records are used by the email receiver to verify the source of the email and detect email spoofing. It works by digitally signing each email with a private key which the receiver can verify using the public key in your DKIM record. This adds certainty that the received email is sent from the domain it claims. You can learn more about DKIM records in this Wikipedia article.

Example DKIM record:

DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=brisbane;
     c=relaxed/simple; q=dns/txt; l=1234; t=1117574938; x=1118006938;
     h=from:to:subject:date:keywords:keywords; 
     bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=; 
     b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ 
              VoG4ZHRNiYzR

Adding a DKIM Record

There are two ways to add a DKIM record to your domain:

  1. A TXT record containing the DKIM value.
  2. A CNAME alias that points to a DKIM record (provided by your email provider).

SiteHost supports DKIM through a TXT record entry in our DNS Zones module.

  1. Click the DNS Zones module from the menu on the left.
  2. Select your Zone Name you wish to modify.
  3. Selected TXT as the Record type.
  4. If you were only given a CNAME alias by your email provider, you can find the raw DKIM record yourself (skip this step if you have the raw DKIM record):
    • To find the raw DKIM record on Linux/MacOS systems, run the following command in the terminal, replacing default._domainkey.mydomain.co.nz with the CNAME alias from your provider.
      dig +noall +answer default._domainkey.mydomain.co.nz TXT
      default._domainkey.mydomain.co.nz. 300 IN   TXT "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" "7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"
      
    • It is also possible to use tools like DNS Checker and What's My DNS? to extract the raw DKIM record.
  5. Set the Record Name as the {signing domain}.{selector}. For the example above, set it as default._domainkey (see screenshot).
  6. Set the Record Address as the raw DKIM value, the blue text between the double quotes (see screenshot).
  7. Click Save Changes to update the Zone settings.

Example DKIM Record