Adding a DKIM record to your DNS

Adding a DKIM record to your DNS is quite simple.

First, your create a key pair with openssl:

openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key

Your public key looks now like:

-----END PUBLIC KEY-----

Now you convert this output to one single line:


This line you will use as public key in your DNS record.

Next, add two txt records like          IN TXT o=!; IN TXT v=DKIM1;k=rsa;p=<public key>

Which means:

  • o=~ the server signs some mail
  • o=- all mail is signed, but unsigned mail should be accepted
  • o=! all mail is signed, do not accept unsigned mail
  • t=y I’m still testing
  • v=DKIM1 we use DKIM version 1
  • k=rsa it is a RSA key
  • r=<x@xx> report problems to this email address
  • p=<public key> this is the generated public key

Do not use keys with length other than 1024. 512 is too short and 2048 will give you problems with most DNS servers.