DKIM stands for DomainKeys Identified Email. It provides a way to validate that an organization delivering an email has the right to do so. Amber IT also automatically generates and adds DKIM to your hosted DNS entries on our server. This is used so that e-mail providers accept your letters and with also our added SPF records don't mark them as SPAM.
DKIM requires the addition of public keys into your DNS zone. The key is often provided to you by the organization that is sending your email, for example, SendGrid, Postmark, or Google Apps. The key will either be inserted directly into your zone as a TXT record, or it will be a CNAME pointing to the key in your provider’s DNS.
If you’re given a string representing the DKIM, it usually looks something like this:
k=rsa; t=s; p=MIGfMA0Gegeth4sAQUAA4GNADCBiQKBgQDGMjj8MVaESl3sfsOVh15u9YK2AmTLgk1ecr4BCRq3Vkg3Xa2Qrwfwfj9FNqBYOr3XIczzU8gkK5Kh42P4C3DgNi5ITN/EvVAn/ImjoGq5IrcO+hAj2iSAozYTEpJsvF33G41245tgfdskj5JI6ibyJwIDAQAB
Insert this into a TXT record. Do this by following the instructions for creating a record, selecting TXT as the record type, and entering the string you were given into the Content field.
Your provider will also give you a specific subdomain to use, usually something like:
Enter this subdomain in the “Name” field.
If your provider gives you a fully-qualified name that ends with your domain name, DO NOT include your domain name in the “Name” field when you add the TXT record. If you’re given
pm._domainkey.yourdomain.com, only enter
pm._domainkey in the “Name” field.
If your provider gave you the DKIM record and it included double quotes around the record, or backslashes before semi-colons in the record, you may safely remove them. The quotes are handled automatically by our name servers, and the semi-colons will automatically be escaped if necessary.
Sometimes there will be forward slashes or other unusual characters in the DKIM record. Don’t modify those.
The dig tool is a good way to verify that your DKIM record is being returned correctly by our DNS servers.
To verify the DKIM record, query for the TXT record at the fully qualified domain name where the TXT record lives. For example, on the domain example.com, you can get the TXT record using the following query:
dig +short google._domainkey.example.com TXT
This will return a result like this:
"v=DKIM1\; k=rsa\; p=MIGfMA0Gegeth4sAQUAA4GNADCBiQKBgQDGMjj8MVaESl3sfsOVh15u9YK2AmTLgk1ecr4BCRq3Vkg3Xa2Qrwfwfj9FNqBYOr3XIczzU8gkK5Kh42P4C3DgNi5ITN/EvVAn/ImjoGq5IrcO+hAj2iSAozYTEpJsvF33G41245tgfdskj5JI6ibyJwIDAQAB"
If no result is returned, verify that you added the TXT record with the correct subdomain. Remember the “Name” field in Amber IT should not include your domain name, otherwise, you’d create a record at
Verify your DKIM with an online tool like this one from Treehouse. This tool verifies that you have SPF and DKIM records. In the DKIM selector field, just add the first part from the subdomain your DKIM is under. For example, if your DKIM is at
google._domainkey.example.com, then the DKIM selector is “google”.
If you want to get technical and read more about the technical details of DKIM, head over to DKIM.org. Where you will find additional information about DKIM and specifics.
If you have problems adding your providers provided DKIM to Amber IT hosting, please feel free to contact our support and we will assist you.