Enhance security for outgoing email (DKIM)
3. Turn on DKIM signing
After you generate your domain key and add the key to your domain record, turn on DKIM signing.
If you don't turn on DKIM signing for your domain, Gmail will use default DKIM signing. Learn more
Before you turn on DKIM signing
Update your domain DNS records with your DKIM key before you turn on email signing. When you turn on email signing, Gmail verifies you have a DKIM domain key. If the DKIM domain key is not found, Gmail displays a warning message. It might take up to 48 hours for the DNS record updates to take effect.
Start DKIM signing
From the Admin console Home page, go to AppsG SuiteGmail.
- Click Authenticate email.
- Select the domain where you want to start email signing.
The page indicates the status of email signing for the domain you selected.
- Click Start authentication.
- To confirm that DKIM signing is turned on, send an email message to someone who is using Gmail or G Suite. You can't do this test by sending yourself a test message.
- Open the message in the recipient's inbox.
- Next to Reply, click and select Show original.
The entire message header displays.
- In the header, find the line starting with "DKIM-Signature", as in this example (d is the sending domain and s is the signing domain):
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=google;
This line in the message header confirms that DKIM signing is turned on.