Enhance security for outgoing email (DKIM)

2. Add domain key to DNS records

Help prevent email spoofing for outgoing messages

Skip this step if your domain was provided by a G Suite domain host partner

If your domain was provided by a G Suite domain host partner, skip this step. Gmail generates the domain key for you and adds it to your domain's DNS records. Go to Turn on DKIM signing.

Add the domain key to your domain's DNS records

  1. Sign in to the management console for your domain provider.
  2. Locate the page where you update DNS records.

    Subdomains: If your domain host doesn't support updating subdomain DNS records, add the record to the parent domain. Learn about Updating DNS records for a subdomain.

  3. Create a TXT record using the name and value from the Gmail Admin console.

    To see the name and value you need to create the TXT record, in the Admin console go to Apps > G Suite > GmailAuthenticate.

    If your domain provider limits the length of TXT records, see Tips for updating domain provider DNS records.

  4. Update the DNS record:

    In the first field, enter the text under DNS Host name (TXT record name).

    In the second field, enter the text under TXT record value.

  5. Save your changes.

Tips for updating domain provider DNS records

Field names: Domain providers use different names for the fields associated with a TXT record. For example, GoDaddy labels the fields TXT Name and TXT Value. Name.com labels the fields Record Host and Record Answer. For most providers, the first field is the DNS Host name (TXT record name) and the second field is the TXT record value.

EasyDNS: If your domain provider is EasyDNS, add a period and your domain name to the end of the DNS Host name (TXT record name) value. Enter the value in this format, where your_domain.com is the name of your domain: google._domainkey.your_domain.com.  

Creating TXT records: For detailed instructions about creating TXT records, including instructions for common domain hosts, see Add a TXT record. For limitations with some domain hosts, see Domain registrar limitations for creating TXT records.

TXT record value limits: If your domain provider supports 2048-bit domain keys but limits TXT record characters to 255, you can't enter the DKIM key as a single text string. Instead, take these steps:

  1. Split the key into multiple text strings.
  2. Add quotes around each text string.
  3. Enter all text strings (with quotes) into the TXT record value field. In this example, the DKIM key is split into two text strings and each string is in quotes:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraC3pqvqTkAfXhUn7Kn3JUNMwDkZ65ftwXH58anno/bElnTDAd/idk8kWpslrQIMsvVKAe+mvmBEnpXzJL+0LgTNVTQctUujyilWvcONRd/z37I34y6WUIbFn4ytkzkdoVmeTt32f5LxegfYP4P/w7QGN1mOcnE2Qd5SKIZv3Ia1p9d6uCaVGI8brE/7zM5c/"

"zMthVPE2WZKA28+QomQDH7ludLGhXGxpc7kZZCoB5lQiP0o07Ful33fcED73BS9Bt1SNhnrs5v7oq1pIab0LEtHsFHAZmGJDjybPA7OWWaV3L814r/JfU2NK1eNu9xYJwA8YW7WosL45CSkyp4QeQIDAQAB"

Next steps

Turn on DKIM signing

Was this article helpful?
How can we improve it?