Help prevent spoofing and spam with DKIM

Protect against spoofing & phishing, and help prevent messages from being marked as spam

Set up DKIM to help protect your domain against spoofing, and help prevent your outgoing messages from being marked as spam. Spoofing is a type of email attack that forges the From address of an email message. A spoofed message appears to be from the impersonated organization or domain. DKIM detects when a message has been modified, and when unauthorized changes are made to the message From: address.

Without DKIM, messages sent from your organization or domain are more likely to be marked as spam by receiving mail servers. Learn more about preventing messages to Gmail users from being blocked or sent to spam.

Email authentication requirements for sending to Gmail accounts

Google performs checks on messages sent to Gmail accounts to verify messages are authenticated. To help ensure these messages are delivered as expected, set up email authentication for your domain. We recommend you always set up SPF and DKIM to protect your organization’s email, and to meet the authentication requirements described in Email sender guidelines. If you use an email service provider: Verify that your provider's authentication methods meet the requirements in Email sender guidelines. If you regularly forward email: Follow our Best practices for forwarding email to Gmail to help ensure messages are delivered as expected.

If your domain provider is Squarespace, Google automatically creates a DKIM key, and adds the key to your domain’s DNS records when you set up Google Workspace. Go directly to Turn on DKIM in your Admin console.

What are SPF and DKIM?

SPF and DKIM help prevent spammers from impersonating your organization.

How DKIM helps prevent spoofing and spam

Helps prevent spoofing

DKIM is a standard email authentication method that adds a digital signature to outgoing messages. Receiving mail servers that get messages signed with DKIM can verify messages actually came from the sender, and not someone impersonating the sender. DKIM also checks to make sure message contents aren’t changed after the message has been sent.

When receiving servers can verify messages are from you, your messages are less likely to be marked as spam.

With DKIM authentication, you improve the likelihood that legitimate messages are delivered to recipients’ inboxes. Receiving servers can verify messages are actually from your domain, and aren't forged. 

Helps deliver messages to recipients’ inboxes

DKIM helps receiving email servers verify that messages are actually from the organization shown in the email. When servers can verify that messages are from your organization, they're less likely to mark them as spam. This helps ensure messages are delivered to recipients’ inboxes because the receiving server can validate the message came from your domain, and isn’t forged.

What you need to do

Before you set up DKIM

  • Get the sign-in information for your domain provider
  • Find out if your domain provider supports 2048-bit DKIM keys
  • Understand DNS TXT records
  • Check outbound gateway settings
  • (Optional) Check for an existing DKIM key for your domain

For details, go to Before you set up DKIM.

Turn on DKIM for your domain

  • Step 1: Get your DKIM key in your Admin console
  • Step 2: Add your DKIM key at your domain provider
  • Step 3: Turn on DKIM in your Admin console
  • Step 4: Verify DKIM signing is on

For details, go to Turn on DKIM for your domain.

Troubleshoot DKIM issues

  • Verify DKIM is set up correctly
  • Verify messages pass DKIM authentication
  • Check message forwarding
  • Contact the admin for servers that reject DKIM-authenticated messages
  • Verify your domain providers TXT record character limits
  • Review your email sending practices

For details, go to Troubleshoot DKIM issues.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu