How do I use DKIM?
First, let me stress that you can most likely live without DKIM and save yourself the frustration of dealing with this. DKIM provides extremely small benefit to inbox delivery reputation. It's only true benefit is to show that emails are actually from you and not spoofed, by using the signature. Now, raise your hand if you can think of a top mail provider that always rejects DKIM failures or a list of recipients that actually check if emails are signed. Crickets chirping? Exactly. The entire standard is pointless, it's only role required that people actually enforce the standard, and that ship has sailed.
If you do want to press forward, here is the tutorial. Don't rush this, you will miss a detail. Even if you think you don't, experience tells us that you're going to get the key wrong and either your DNS editor won't accept it or you won't pass DKIM checks, and you'll then open a ticket with us asking about it, and we likely won't know how to respond because eyeballing DKIM issues is next to impossible, so we'll just point you back to this guide and tell you to start over but do so more slowly. All this for a false sense of security or a false rumor that it significantly improves email delivery. Are you sure that's worth it? Alright, continue.
In the example below it is assumed you host example.com domain at MXRoute. Please change domain name accordingly.
After you completed order, in your welcome email from MXRoute, you are given their DNS servers addresses. In description below, it is assumed it's ocean.mxroute.com. Please use actual NS name taken from your welcome email.
It is assumed you host your domain (example.com) DNS records elsewhere and that you can add or update TXT records on the mentioned DNS hosting service.
Step 1. Enable DKIM in cPanel, the setting can be found in "Authentication" link under the Email tab.
Step 2. Get proper DKIM record from MXRoute. Open site:
And enter the following information in the field of lookup tool:
Host/IP address: default._domainkey.example.com
DNS server: ocean.mxroute.com
Query type: TXT
Don’t forget to replace example.com with your hosted domain name, and ocean.mxroute.com with your MXroute server's hostname.
Click "Query!". It will return two chunks of data looking like
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aRAKPIsvUuNEWW6dAaIB75 7i/9NLGBvuYq+G5BE2vaSArA6wbLs/Qjoi9aV/iwBNwCaMK71k4IwPLzKvqUYKcTpS1Bd HN7mkbr3HKAx7Jy/IdwEM4hKmAnQ+yZZz9ho/938sICmsfKaByHVOwbAnkKGLhDPJCKQh pXMpqBQn/eWNPS6+KzpM/yQaxJI0H8dW
5LyNcrK6jaD2MhgQwjjDDeAYJiofNo/QK9Qgrk6p9l/vD1nOd8QmjRqN2JY+gnNIDFmCJ c2FqNGGbLI7Oa+tDlpGNZdbDmJmHovNgVUjT+F5eu3wUd5PPPs70T+4wBvUA6Q6XQDA+Y 04mDXA+QiyQIDAQAB;
Open any text editor capable of handling long lines, and paste both chunks into it. Do not allow whitespace between chunks, make sure there's no whitespace on either sides, as well. The resulting long string is DKIM record you need to create.
Step 3. Open your service to edit DNS settings for your example.com domain and add record:
default._domainkey TXT <text>
Replace <text> with the DKIM record obtained at Step 1. Note, certain DNS services may require to add double quotes around; however, those quotes are not part of the record. Specify as little TTL value (usually in seconds) as allowed. Save the changes.
Step 4. Open site
You will see randomlooking email address and a button. Send test email message to the mentioned email address taken from site from MXRoute Webmail interface to, from any email from example.com domain. Wait for a while, to allow message to arrive and click button on the above site, to verify.
After your test message arrives, the site will display a lot of information about it in several text area fields. In the second text area, with DKIM information, closer to the end should be validation results. If there's string
result = pass
Now you are done, DKIM is hopefully set up properly.
Note: Most probably the reason for DKIM setup failure can be:
- you didn’t use your actual domain name/correct name of MXRoute nameserver, from welcome message
- DKIM (TXT) DNS record default._domainkey for your domain hasn't yet been propagated (nameservers for the domain haven't yet added it)
- you have made mistake when setting DKIM field. Edit corresponding DNS record to verify there are no extra whitespace inside the line, or on either side of it.