Protect against spoofing & phishing, and help prevent messages from being marked as spam
DKIM signatures are encrypted and decrypted with a pair of keys: a private key and a public key.
The sending server provides the private key that encrypts the DKIM signature. The public key that decrypts the DKIM signature is stored on a public DNS server. The DKIM selector (also called a prefix selector) specifies the DNS location of the public key. Receiving servers use the prefix selector to find the public key.
When you set up DKIM following the steps in turn on DKIM for your domain, the prefix selector is automatically set to the default, google.
If your domain already uses a DKIM key with the prefix selector google:
- Enter a new prefix in the Generate new record box, when you get your DKIM key in the Admin console.
- Make sure to use the new prefix when you add your DKIM information at your domain provider.
What is my DKIM selector?
To verify the DKIM selector for your domain:
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
Apps
Google Workspace
- Click Authenticate email. The selector is the first part of the value shown in
DNS Host name (TXT record name):
