Enhance security for outgoing email (DKIM)

2. Add domain key to DNS records

Help prevent email spoofing for outgoing messages

Skip this step if your domain was provided by a G Suite domain host partner

If your domain was provided by a G Suite domain host partner, skip this step. Gmail generates the domain key for you and adds it to your domain's DNS records. Go to Turn on DKIM signing.

Add the domain key to your domain's DNS records

  1. In the Admin console, get the values you need to create the TXT record at Apps > G Suite > Gmail > Authenticate email. The values appear under the labels DNS Host name (TXT record name) and TXT record value.
  2. Sign in to the management console for your domain host.
  3. Locate the page where you update DNS records.

    Subdomains: If your domain host doesn't support updating subdomain DNS records, add the record to the parent domain. Learn about Updating DNS records for a subdomain.

  4. Add a TXT record:
    • In the first field, enter the text displayed in the Admin console under DNS Host name (TXT record name).
    • In the second field, enter the text string displayed in the Admin console under TXT record value.

    Note: If your domain provider limits the length of TXT records, go to Domain keys and TXT record limits.

  5. Save your changes.

Tips for updating DNS TXT records

Creating DNS TXT records

Add a TXT record includes detailed instructions for creating TXT records for common domain hosts.

Learn about domain registrar limitations for creating TXT records.

Field names

Domain providers use different names for the fields associated with a TXT record. For example, GoDaddy labels the fields TXT Name and TXT Value. Name.com labels the fields Record Host and Record Answer. For most providers, the first field is the DNS Host name (TXT record name) and the second field is the TXT record value.


If your domain provider is EasyDNS, add a period and your domain name to the end of the DNS Host name (TXT record name) value.

Enter the value in this format, where your_domain.com is the name of your domain: google._domainkey.your_domain.com.  

Domain keys and TXT record limits

DNS TXT records can have a maximum of 255 characters in a single string. To create TXT records over 255 characters, DNS chains multiple text strings together into a single TXT record.

A 2048-bit domain key exceeds the 255-character limit, and requires a TXT record created from chained text strings.

Contact your domain host to find out if they support TXT records longer than 255 characters:

  • If they do not, use 1024-bit domain keys for DKIM to stay within the 255-character limit.
  • If they do, find out what steps are required to update your DNS records with the domain key. The steps are different for different domain hosting services.  
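
The 255-character limit described above, worked through as an added example (not part of the original page or of any Google tooling). It splits a DKIM TXT value into chained strings, renders them as quoted strings in the style of a BIND zone file, and rejoins them to confirm the key survives intact. The function names are hypothetical, and the key data is constructed filler sized like typical 2048-bit and 1024-bit RSA public keys (294 and 162 DER bytes, an assumption), not real keys.

```python
import base64

MAX_TXT_STRING = 255  # longest single string a TXT record can hold

def split_txt_value(value, limit=MAX_TXT_STRING):
    """Split a TXT record value into chained strings of at most `limit` characters."""
    if not value.isascii():
        raise ValueError("DKIM TXT values must be ASCII")
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def zone_file_rdata(chunks):
    """Render chained strings as space-separated quoted strings (zone-file style)."""
    return " ".join('"%s"' % c for c in chunks)

def parse_dkim_record(chunks):
    """Rejoin chained strings with no separator, then parse and check the DKIM tags."""
    joined = "".join(chunks)
    tags = {}
    for part in joined.split(";"):
        name, sep, val = part.partition("=")  # first "=" only; base64 padding stays in val
        if sep:
            tags[name.strip()] = "".join(val.split())
    if tags.get("v") != "DKIM1" or "p" not in tags:
        raise ValueError("not a DKIM key record")
    base64.b64decode(tags["p"], validate=True)  # raises if the key data was corrupted
    return tags

def constructed_record(der_len):
    """Build a constructed record whose p= tag holds `der_len` zero bytes (not a real key)."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(der_len)).decode()

RECORD_2048 = constructed_record(294)  # same length as a typical 2048-bit key record
RECORD_1024 = constructed_record(162)  # same length as a typical 1024-bit key record

if __name__ == "__main__":
    for label, record in (("2048-bit", RECORD_2048), ("1024-bit", RECORD_1024)):
        chunks = split_txt_value(record)
        parse_dkim_record(chunks)  # round-trip check before publishing
        print(label, "total:", len(record), "strings:", [len(c) for c in chunks])
        print(zone_file_rdata(chunks))
```

Whether you enter the value as one long string or as separate quoted strings depends on your domain host, so check the result with a DNS lookup after saving.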

Next steps

Turn on DKIM signing
