DKIM (DomainKeys Identified Mail) helps authenticate emails sent from your Google Workspace domain by adding a digital signature to outgoing messages. Receiving mail servers use this signature to verify that the email was sent from an authorized source and that the message content has not been modified.
To enable DKIM in Google Workspace, you must generate a DKIM record in the Google Admin console and add the provided TXT record to your domain’s DNS settings.
Once configured, Google will automatically sign all outgoing emails with DKIM.
Log in to the Google Admin console at
https://admin.google.com
Navigate to:
Apps → Google Workspace → Gmail
Click Authenticate email.
Select the domain you want to configure.
Click Generate new record.
Google will generate a DKIM record that includes:
• a selector (commonly google)
• a public key used for DKIM verification
The record will look similar to this:
Host / Name
google._domainkey.yourdomain.com
Type
TXT
Value
v=DKIM1; k=rsa; p=PUBLIC_KEY
Log in to your domain’s DNS provider (for example Cloudflare, GoDaddy, Namecheap, etc.) and create a new TXT record using the information generated in the Google Admin console.
Example configuration:
Host / Name
google._domainkey
Type
TXT
Value
v=DKIM1; k=rsa; p=PUBLIC_KEY
Save the DNS record after adding it.
DNS changes may take several minutes to propagate but can take up to 24 hours depending on your DNS provider.
After adding the DNS record:
Return to Google Admin → Gmail → Authenticate email.
Select your domain.
Click Start authentication.
Once authentication starts, Google will begin signing all outgoing emails from your domain with DKIM.
After enabling DKIM, send a test email from your domain and check the authentication results in the message headers.
A successful configuration will show:
DKIM=pass
This confirms that the receiving mail server was able to validate the DKIM signature using the public key stored in your DNS.