Help prevent spoofing and spam with DKIM

Protect against spoofing & phishing, and help prevent messages from being marked as spam

Tip: Google Workspace uses 3 email standards to help prevent spoofing and phishing of your organization’s Gmail. These standards also help ensure your outgoing messages aren’t marked as spam. We recommend Google Workspace administrators always set up these email standards for Gmail: 

Learn more about how standard email authentication helps keep your organization’s email safe.

Set up DKIM to help protect your domain against spoofing, and help prevent your outgoing messages from being marked as spam. Spoofing is a type of email attack that forges the From address of an email message. A spoofed message appears to be from the impersonated organization or domain. DKIM detects when a message has been modified, and when unauthorized changes are made to the message From: address.

Without DKIM, messages sent from your organization or domain are more likely to be marked as spam by receiving mail servers. Learn more about preventing messages to Gmail users from being blocked or sent to spam.

If your domain provider is Google Domains, Google automatically creates a DKIM key, and adds the key to your domain’s DNS records when you set up Google Workspace. Go directly to Turn on DKIM in your Admin console.
 

What are SPF and DKIM?

SPF and DKIM help prevent spammers from impersonating your organization.


 

How DKIM helps prevent spoofing and spam

Helps prevent spoofing

DKIM is a standard email authentication method that adds a digital signature to outgoing messages. Receiving mail servers that get messages signed with DKIM can verify messages actually came from the sender, and not someone impersonating the sender. DKIM also checks to make sure message contents aren’t changed after the message has been sent.

When receiving servers can verify messages are from you, your messages are less likely to be marked as spam.

With DKIM authentication, you improve the likelihood that legitimate messages are delivered to recipients’ inboxes. Receiving servers can verify messages are actually from your domain, and aren't forged. 

Helps deliver messages to recipients’ inboxes

DKIM helps receiving email servers verify that messages are actually from the organization shown in the email. When servers can verify that messages are from your organization, they're less likely to mark them as spam. This helps ensure messages are delivered to recipients’ inboxes because the receiving server can validate the message came from your domain, and isn’t forged.

What you need to do

""

Before you set up DKIM

  • Get the sign-in information for your domain provider
  • Find out if your domain provider supports 2048-bit DKIM keys
  • Understand DNS TXT records
  • Check outbound gateway settings
  • (Optional) Check for an existing DKIM key for your domain

For details, go to Before you set up DKIM.

""

Turn on DKIM for your domain

  • Step 1: Get your DKIM key in your Admin console
  • Step 2: Add your DKIM key at your domain provider
  • Step 3: Turn on DKIM in your Admin console
  • Step 4: Verify DKIM signing is on

For details, go to Turn on DKIM for your domain.

""

Troubleshoot DKIM issues

  • Verify DKIM is set up correctly
  • Verify messages pass DKIM authentication
  • Check message forwarding
  • Contact the admin for servers that reject DKIM-authenticated messages
  • Verify your domain providers TXT record character limits
  • Review your email sending practices

For details, go to Troubleshoot DKIM issues.
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

true
' data-mime-type=
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
true
true
true
73010
false
false