DKIM selectors

Protect against spoofing & phishing, and help prevent messages from being marked as spam

DKIM signatures are encrypted and decrypted with a pair of keys: a private key and a public key.

The sending server provides the private key that encrypts the DKIM signature. The public key that decrypts the DKIM signature is stored on a public DNS server. The DKIM selector (also called a prefix selector) specifies the DNS location of the public key. Receiving servers use the prefix selector to find the public key. 

When you set up DKIM following the steps in turn on DKIM for your domain, the prefix selector is automatically set to the default, google.

 If your domain already uses a DKIM key with the prefix selector google:

  • Enter a new prefix in the Generate new record box, when you get your DKIM key in the Admin console.
  • Make sure to use the new prefix when you add your DKIM information at your domain provider.

What is my DKIM selector?

To verify the DKIM selector for your domain:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. From the Admin console Home page, go to Appsand thenGoogle Workspaceand thenGmail.
  3. Click Authenticate email. The selector is the first part of the value shown in 1 DNS Host name (TXT record name):


Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center