Optional background: What is DKIM?


Authenticate lets you add, view, and remove DKIM keys for different senders.


Managing DKIM Keys

DKIM keys are associated with senders.

Find the sender you want to manage keys for on the Domain dashboard.


Click on the sender to see more details.


On the sender's detail page, look for a 'Configuration' section, which should include DKIM.



If the sender supports sending with DKIM keys in an aligned manner (required for DMARC), then a section on DKIM will show here, including a list of relevant keys.


Adding a DKIM Key

To add a key, click 'Add DKIM Key' and complete the short form.


Domain will be pre-populated with our best guess, but you can change it to a subdomain if instructed to, like "mail.acme.com" or "1234.mydomain.com"

Selector is like the name for a key and is usually very short like "k1" or "20200816"

Type means whether the key you want to add is a TXT record, with a long string of seemingly random characters, or a CNAME record, which looks like a url.

If you select TXT, Public Key is the specific record value

If you select CNAME, CNAME is the url target where the key can be found.

Advanced Options are rarely necessary but allow you

  • To mark a key as "new" to help you track how old your keys are. (Most imported keys are of unknown age.)
  • To require a key to use "simple" mode, which makes authentication more difficult and we do not recommend.
  • To omit the version number at the beginning of the record. The only reason to do this is to support services that try to validate DKIM keys but don't accept the v=DKIM for validation.



Sample TXT key

Record Name: abc._domainkey.yourdomain.com

The part in front of ._domainkey is the SELECTOR
After ._domainkey you have the domain or subdomain that owns the record. 

Record Type: TXT
Record Value: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8XzjQk7VuhGE+u6hGVVgJ75C4heUBOVJ/EW+KYjVut36h0NnGWxwLi+G6Twm1jpKnUuyTM4/cvPh1POJt8feYLRkbBRBEsgDgP5gnkNWpK1REp730dDYYEZyF6rwPEAJulx3yEONh81xsi6bWP4RcSl+enVEIKEPK93syZ2ZPrQIDAQAB"



Sample CNAME key 

Record Name: abc._domainkey.yourdomain.com

The part in front of ._domainkey is the SELECTOR 
After ._domainkey you have the domain or subdomain that owns the record. 

Record Type: CNAME

Record Value: selector2-yourdomain._domainkey.thirdpartyserver.com


View a Key

The configuration panel for DKIM will show all keys this sender can use to sign emails. Here you will also see if your keys are failing, unaligned, or encountering another problem. You can see all DKIM keys associated with this service across subdomains.


To see more about a specific key stored in Authenticate, click on the selector pill for that key.






Here you can see specific details about the key, for when you need to go on a real deep dive.


Deleting a Key

Deleting a key is straightforward. You will not be able to restore the key easily if you make a mistake, so consider copying down information on the key if you are not completely sure about this. Then you can Add a new key with the old information and everything will work again.


To remove a key, navigate to a sender's detail page.


View the key as described above.



Click the trash can icon in the upper right and then confirm you choice. The key is now gone.