Enhance security for outgoing email (DKIM)

3. Turn on DKIM signing

Set up DKIM to prevent email spoofing

After you generate your domain key and add the key to your domain record, turn on DKIM signing. 

Important: It can take up to 48 hours for your DNS record updates to take effect. If you turn on DKIM signing before the records update, the DKIM domain key isn't found. If the domain key isn't found, Gmail displays a warning message. 

Turn on DKIM signing

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenG Suiteand thenGmail.
  3. Click Authenticate email.
  4. Select the domain where you want to start email signing. The page shows the status of email signing for the selected domain.
  5. Click Start authentication.
  6. To confirm that DKIM signing is turned on, send an email message to someone who is using Gmail or G Suite. You can't do this test by sending yourself a test message.
  7. Open the message in the recipient's inbox.
  8. Next to Reply, click and select Show original.

    The entire message header displays.

  9. In the message header, the line starting with DKIM-Signature confirms that DKIM signing is on. See this example, where d is the sending domain and s is the signing domain:

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=google;

Was this helpful?
How can we improve it?