Enhance security for outgoing email (DKIM)

Generate the domain key

Skip this page if you purchased your domain from one of our domain host partners while signing up for G Suite. In that case, Google automatically generates the domain key for you.


Important: This feature is available after 24 hours from the creation of the G Suite account.

To generate the domain key used to sign mail:

  1. Sign in to the Google Admin console.
  2. Click Apps > G Suite > Gmail > Authenticate email.
  3. Select the domain for which you want to generate a domain key.

    The name of your primary domain appears by default. To generate a domain key for a different domain, select it from the drop-down list.

  4. Click Generate new record.
  5. If your registrar doesn't support 2048-bit keys, change the key length from 2048 to 1024.
  6. Optionally, update the text used as the DKIM selector prefix.

    The selector prefix is used to distinguish the domain key that G Suite uses from any other domain keys you may have. In most cases, you'll select the default prefix "google". The only reason to change the prefix is if your domain already uses a DKIM domain key with the selector prefix "google".

  7. Click Generate.

    The text box displays the information you need in order to create the DNS record that recipients query in order to retrieve the public domain key. 

Next: Update DNS records

Was this article helpful?
How can we improve it?