This article is intended for customers using the paid version of our product, Enforce. 


DKIM is an internet standard that is one of the two ways you can authenticate emails for DMARC. It can be used to prove not only that an email is from who it says it is from but also that the email has not been modified in transit.


There are two types of DKIM keys: TXT and CNAME records. The service that will generate the DKIM keys will specify what type of record the key will be. 


Sample TXT DKIM key 

Record Name: abc._domainkey.yourdomain.com

  • The part in front of ._domainkey is the SELECTOR 

  • After ._domainkey you have the domain or subdomain that owns the record. 

Record Type: TXT

Record Value: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8XzjQk7VuhGE+u6hGVVgJ75C4heUBOVJ/EW+KYjVut36h0NnGWxwLi+G6Twm1jpKnUuyTM4/cvPh1POJt8feYLRkbBRBEsgDgP5gnkNWpK1REp730dDYYEZyF6rwPEAJulx3yEONh81xsi6bWP4RcSl+enVEIKEPK93syZ2ZPrQIDAQAB"


Sample CNAME DKIM key 

Record Name: abc._domainkey.yourdomain.com

  • The part in front of ._domainkey is the SELECTOR 

  • After ._domainkey you have the domain or subdomain that owns the record. 

Record Type: CNAME

Record Value: selector2-yourdomain._domainkey.thirdpartyserver.com 

(The only difference between a CNAME record type DKIM key is the Record value)


The record value of a CNAME type DKIM key will point to a 3rd party server (Microsoft, Google, Mailchimp), which is the one that will respond with a TXT value for the key. 


To add a DKIM key in the Enforce platform, go to the “Domains” page, click on the domain name for which you want to add a DKIM key, and click “Add a DKIM key” in the “DKIM Key” section. 

  1. Type the Selector name 

  2. If the DKIM key is for a subdomain, associate the key with the subdomain. If the key is for the top-level domain, leave this field untouched 

  3. Associate the DKIM key with the sending service 

  4. Add a comment for the key, to make it easier for you to manage it 

  5. Select the type of DKIM record

  6. Add the value of the key. For TXT keys, this is what comes after ‘p=’, and for CNAME keys add the entire record value 

  7. If this is a newly created DKIM key, check this box. This will allow you to see the age of the key in the ‘DKIM Keys’ section

  8. Check this box only if the TXT record value contains the tag ‘t=s’. This is available only for TXT record keys

  9. When all the fields are completed, click ‘Add’