3. Turn on DKIM signing

Set up DKIM to prevent email spoofing

After you generate your domain key and add the key to your domain record, turn on DKIM signing.

Important: It can take up to 48 hours for your DNS record updates to take effect. If you turn on DKIM signing before the records update, the DKIM domain key isn’t found. If the domain key isn’t found, Gmail displays a warning message.

Turn on DKIM signing

  1. Sign in to your Google Admin console.Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenGoogle Workspaceand thenGmail.
  3. Click Authenticate email.
  4. Select the domain where you want to start email signing. The page shows the status of email signing for the selected domain.
  5. To begin authenticating messages with DKIM, click the Start authentication button. When DKIM setup is complete, Authenticating email displays.Important: After you start authentication, the DKIM page in your Google Admin console continues to display this message: You must update the DNS records for this domain. If you’ve correctly added the TXT record to your domain’s DNS records, ignore the message. It can take up to 48 hours for email authentication to start.
  6. To confirm that DKIM signing is turned on, send an email message to someone who is using Gmail or Google Workspace. You can’t do this test by sending yourself a test message.
  7. Open the message in the recipient’s inbox.
  8. Next to Reply, click More and thenclick Show original.The entire message header displays.
  9. In the message header, the line starting with DKIM-Signature confirms that DKIM signing is on. See this example, where d is the sending domain and s is the signing domain:DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=google;

Was this article helpful?

Related Articles