Set up DKIM to prevent email spoofing
Use the DomainKeys Identified Mail (DKIM) standard to help prevent spoofing on outgoing messages sent from your domain.
Email spoofing is when email content is changed to make the message appear from someone or somewhere other than the actual source. Spoofing is a common unauthorized use of email, so some email servers require DKIM to prevent email spoofing.
DKIM adds an encrypted signature to the header of all outgoing messages. Email servers that get signed messages use DKIM to decrypt the message header, and verify the message was not changed after it was sent.
More email security
We recommend setting up these security methods along with DKIM:
- Sender Policy Framework (SPF)–SPF specifies which domains can send messages for your organization.
- Domain-based Message Authentication, Reporting & Conformance (DMARC)–DMARC specifies how your domain handles suspicious emails.
DKIM signing increases email security and helps prevent email spoofing. We recommend you use your own DKIM key on all outgoing messages.
If you don’t generate your own DKIM domain key, Gmail signs all outgoing messages with this default DKIM domain key: d=*.gappssmtp.com
Messages sent from servers outside of mail.google.com won’t be signed with the default DKIM key.
Steps to set up DKIM
- Generate the domain key for your domain.
- Add the public key to your domain’s DNS records. Email servers can use this key to verify your messages’ DKIM signatures.
- Turn on DKIM signing to start adding a DKIM signature to all outgoing messages.