Authenticate email with DKIM
Turn on email signing
To maintain the safety and security of the email service, we use DKIM signing for all emails. We now sign all email traffic not signed with DKIM originating from Google for Work domains with d=*.gappssmtp.com. This should not cause any email delivery issues. In the rare event that your email is rejected, contact the receiving server administrator. In particular, you should suggest that receivers not reject emails based on a missing or unverifiable DKIM signature. See RFC 4871. To prevent any issues, we encourage you to add your own DKIM signature to your emails.
To begin signing mail messages with the domain key:
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
- From the Admin console dashboard, go to AppsGoogle AppsGmail.
- Click Authenticate email.
- Select the domain whose mail you want to sign with the domain key.
The page indicates the status of the domain key for the selected domain.
- Click Start authentication.
You can activate DKIM authentication only after updating the DNS records for the domain. Google Apps tries to verify the existence of the DKIM domain key and displays a warning message if unable to do so. You might need to wait for the DNS record updates to take effect (can take up to 48 hours).
- Send email to confirm that DKIM signing is active.
Send an email to someone who is using Gmail or Google Apps and review the message in the recipient's inbox. Click Show details and check that the 'signed by' line shows your domain name as in the following example. (Note that you can't perform this test by sending yourself a test message.)
Example: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=google;
where 'd' is the sending domain and 's' is the signing domain.