Skip to main content
All CollectionsDNS recordsIONOS
How to set up DKIM for IONOS ESP?
How to set up DKIM for IONOS ESP?

One way to verify the authenticity of the sender is to use DKIM, a method that allows you to digitally sign emails.

Sasha Dolishchuk avatar
Written by Sasha Dolishchuk
Updated over 6 months ago

TXT record on the name server

In order for inbound mail servers to retrieve the sender's public key, it must be published as a TXT resource record in the domain's DNS zone.

The DKIM record contains the following elements:

  • The version often encoded with v=DKIM1

  • The encryption algorithm, which is always RSA (k=rsa).

  • The public key (p=); which is a long string.

  • The selector, which differs according to the provider. Example: default._domainkey or k1._domainkey

Sceenshot of a DKIM record

The DKIM record is a TXT resource record.

The DKIM record can usually only be retrieved using the email header. Both the domain name and the selector are required for the lookup. The selector is usually not known or is too time-consuming to find.

Creating a DKIM record

To create a DKIM record, you have to create an RSA key pair and place it in the correct location on the server. Most email providers will do this for you.

To better understand how DKIM works, you can create a record manually. Various tools are available free of charge on the Internet, such as the DKIM Record Generator by EasyDMARC. At the top of the screen, enter a selector of your choice (such as k1) on the left and a domain on the right. The generator displays a private and a public key. The private key must be stored on the mail server (this can only be done by your email provider), and the public key is entered in the DKIM record.

Screenshot of the DKIM Record Generator by EasyDMARC

DKIM Record Generator by EasyDMARC. Enter the domain and a prefix of your choice at the top of the screen. The generated DKIM record appears in green at the bottom of the screen.

Checking the DKIM record

You can check whether the DKIM record is actually publicly available by using a DKIM checker such as DKIM Record Lookup by EasyDMARC.

But the easiest way to check is by sending yourself an email and then looking at the header, where you’ll see the entry “DKIM-Signature:”

Screenshot of an email header with part of the DKIM signature

You can see the DKIM signature in the header of the email.

+Tip

You can copy the header to a header analyzer tool to view clearer, more detailed information about the email header.

Did this answer your question?