Up: DNS

DKIM Records

DomainKeys Identified Mail (DKIM) records are a way to authenticate email sent from a domain. DKIM requires setup in DNS and on the sending email server(s).

A DKIM record is added to DNS as a TXT record. The record contains a public digital key. The sending email servers are set up with a private digital key. When an email is sent, the sending server uses the email and the private key to generate a digital signature. The signature is added to the email headers. Receiving email servers verify the digital signature using a public key from the TXT record. If an email has fake headers or has been tampered with, the signature won’t be valid. A separate DMARC record can be used to tell mail servers what to do if the signature isn’t valid.

The sending email server uses a private digital key to generate a digital signature which is added to the email headers. The receiving email server verifies the signature using a public digital key from the DKIM DNS record. If an email has fake headers or has been tampered with, the signature won’t be valid.

How to Add a DKIM Record

Contact your email provider if you want to use DKIM. Your provider will give you a TXT record to add to your domain. The record will have a selector and signature. You can add the record as a TXT record:

  Host Name: selector._domainkey
(replace selector with the selector name provided by your email host)
Text: paste the signature text provided by your email host

The email host will then verify that the record was added. After they verify, they can start using a private key to sign outgoing email from your domain. 

DKIM Records with Pair Networks

If you use Pair Networks for email, you can set up DKIM through the Account Control Center:

  1. Log in to the Account Control Center
  2. In the left sidebar, click Domains
  3. In the drop-down, click Manage Your Domain Names
  4. Click the domain you want to add DKIM to
  5. Scroll down to the DomainKeys Identified Mail (DKIM) section, and click Change DKIM Settings
  6. Click Activate DKIM
    If you use Pair Networks name servers, the records are added automatically and you don’t need to do anything else. You can skip the rest of these steps.
    If you use Pair Domains Custom DNS, you will need to manually add the records
  7. In a new browser tab, log into the Domain Name Management System
  8. Click the domain to update
  9. Click Domain Address Settings
  10. If Custom DNS is already on for your domain, you can skip this step.
    If you are turning on Custom DNS, read the earning, agree to the Terms of Service, and click Enable
  11. Click Add New Record
  12. Select TXT from the Add New Record menu
  13. Paste the DKIM Hostname from the Account Control Center into the Host Name box
  14. Paste the DKIM TXT Record Value from the Account Control Center into the Text box
  15. Click Add Record
BACK Last updated: 6/27/23