Important: It can take up to 48 hours for your DNS record updates to take effect. If you turn on DKIM signing before the records update, the DKIM domain key isn't found. If the domain key isn't found, Gmail displays a warning message.
Turn on DKIM signing
From the Admin console Home page, go to AppsGoogle WorkspaceGmail.
- Click Authenticate email.
- Select the domain where you want to start email signing. The page shows the status of email signing for the selected domain.
- Click Start authentication.
When DKIM setup is complete, "Authenticating email" displays.
- To confirm that DKIM signing is turned on, send an email message to someone who is using Gmail or Google Workspace. You can't do this test by sending yourself a test message.
- Open the message in the recipient's inbox.
- Next to Reply, click More click Show original.
The entire message header displays.
- In the message header, the line starting with DKIM-Signature confirms that DKIM signing is on. See this example, where d is the sending domain and s is the signing domain:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=google;