Home / Tools / Configure DKIM signing for your email domain
Email Deliverability · Scan Check Guide

Configure DKIM signing for your email domain

30 min Impact: high Effort: medium ✓ Scan-verified — no manual checkbox

DKIM adds a cryptographic signature to outgoing email that proves it genuinely came from your domain and wasn't altered in transit — receiving mail servers check this signature as part of deciding whether an email is legitimate or spoofed.

DKIM cryptographically signs every email you send so receiving servers can verify it actually came from you. Without DKIM, your emails have no proof of origin and are significantly more likely to land in spam.

How to fix it

  1. 1
    Enable DKIM signing in your mail provider
    Google Workspace, Microsoft 365, and most transactional email services have a DKIM setup section that generates the keys for you.
  2. 2
    Add the DKIM DNS record they provide
    Your provider gives you a specific TXT record (usually at a selector._domainkey subdomain) — add it exactly as given.
  3. 3
    Verify it validates
    Send a test email and check the headers, or use a DKIM validation tool, to confirm signing is actually active.
  4. 4
    Repeat for every service that sends email as you
    Each sending service needs its own DKIM setup — this isn't a single domain-wide switch.

Common mistakes

How you'll know it's done

DKIM signing is active and validating correctly for every service that sends email as your domain.

Tools that help

H.I.V.E. checks this automatically

Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.

Run this check in H.I.V.E. →