Turn on DKIM signing in the Admin console

Set up DKIM to prevent email spoofing

After you your domain key has been added at your domain provider, turn on DKIM signing in your Google Admin console. When you turn on DKIM signing, your messages will be authenticated with DKIM.

Important: It can take up to 48 hours for your updated DNS TXT record to take effect. If you turn on DKIM signing before the DNS TXT records update, Gmail can't find the DKIM domain key.

Turn on DKIM signing

After you add your DKIM key at your domain provider, turn on DKIM signing in your Google Admin console.

Turn on DKIM signing

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenGoogle Workspaceand thenGmail.
  3. Click Authenticate email.
  4. Select the domain where you want to start email signing. The page shows the status of email signing for the domain you selected.
  5. To begin authenticating messages with DKIM, click the Start authentication button. When DKIM setup is complete and working correctly, the status at the top of the page changes to: Authenticating email.
    Important: After you start authentication, the DKIM page in your Google Admin console might continue to display this message: You must update the DNS records for this domain. It can take up to 48 hours for email authentication to start. When the status changes to Authenticating email, your DKIM setup is complete.
  6. To verify that DKIM signing is turned on, send an email message to someone who is using Gmail or Google Workspace. You can't test DKIM setup by sending yourself a test message.
  7. Open the message in the recipient's inbox.
  8. Next to Reply, click More and thenShow original to show the entire message header.
  9. In the message header, the line starting with DKIM-Signature confirms that DKIM signing is on:

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=solarmora.com; s=google;

In this example, solarmora.com is the sending domain, and google is the signing domain.
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center