Generate a DKIM key pair and DNS record right in your browser. No data leaves your device.
Common selectors: default, google, selector1, mailneo
You create a public and private RSA key pair. The public key goes into your DNS as a TXT record. The private key stays on your mail server.
When your server sends an email, it uses the private key to create a cryptographic signature. This signature gets added to the email headers.
The recipient's mail server looks up your public key in DNS and uses it to verify the signature. If it matches, the email is authenticated.
DKIM (DomainKeys Identified Mail) is an email authentication method that lets the receiving server verify that an email was actually sent by the domain it claims to be from and hasn't been tampered with in transit. It works by attaching a digital signature to each outgoing message, which receiving mail servers can check against a public key published in your DNS records.
Without DKIM, anyone can forge the "From" address on an email and pretend to be your domain. That's a huge problem for deliverability and brand reputation. Spammers and phishers exploit unsigned domains all the time. Setting up DKIM tells inbox providers like Gmail, Outlook, and Yahoo that your emails are legitimate, which directly improves your chances of landing in the inbox instead of the spam folder.
DKIM is one of three pillars of email authentication, alongside SPF and DMARC. Together, they form a comprehensive defense against spoofing and phishing attacks. Most email providers now require at least DKIM and SPF to be configured before they'll trust your messages. If you're sending any kind of transactional or marketing email, setting up DKIM isn't optional anymore -- it's table stakes.
MailNeo monitors your SPF, DKIM, and DMARC records so you don't have to worry about deliverability. Get started for free.
Start Free