Authenticate email with DKIM

Turn on email signing

To maintain the safety and security of the email service, we use DKIM signing for all emails. We now sign all email traffic not signed with DKIM originating from Google for Work domains with d=* This should not cause any email delivery issues. In the rare event that your email is rejected, contact the receiving server administrator. In particular, you should suggest that receivers not reject emails based on a missing or unverifiable DKIM signature. See RFC 4871. To prevent any issues, we encourage you to add your own DKIM signature to your emails.

To begin signing mail messages with the domain key:

  1. Sign in to the Google Admin console.
  2. Click Apps > Google Apps > Gmail > Authenticate email.
  3. Select the domain whose mail you want to sign with the domain key.

    The page indicates the status of the domain key for the selected domain.

  4. Click Start authentication.

    You can activate DKIM authentication only after updating the DNS records for the domain. Google Apps tries to verify the existence of the DKIM domain key and displays a warning message if unable to do so. You might need to wait for the DNS record updates to take effect (can take up to 48 hours).

  5. Send email to confirm that DKIM signing is active.

    Send an email to someone who is using Gmail or Google Apps and review the message in the recipient's inbox. Click Show details and check that the 'signed by' line shows your domain name. (Note that you can't perform this test by sending yourself a test message.)

Was this article helpful?
Sign in to your account

Get account-specific help by signing in with your Apps for Work account email address, or learn how to get started with Apps for Work.