DKIM Key Pair Generator
Compatible with OpenSSL, PMTA, Postfix, and all RFC-compliant DKIM processors.
📖 Understanding Email Authentication & DKIM
DomainKeys Identified Mail (DKIM) is a foundational technology for modern email security and deliverability.
🛡️
What is DKIM and Why is it Important?
DKIM is an email authentication method that adds a cryptographic signature to your emails. This
signature acts like a "wax seal" on an envelope, allowing the receiving server to verify that the email
truly originated from your domain and hasn't been tampered with or altered in transit. Without DKIM, your
emails have a much higher chance of being falsely flagged as spam or rejected entirely by providers like
Gmail and Outlook.
🏷️
What is a DKIM Selector?
A selector is an arbitrary string of text (like default, mail, or s1) that points
to a specific public key in your domain's DNS records. Because a single domain can have multiple email
servers or third-party senders (like Mailchimp or SendGrid) sending on its behalf, the "selector" helps
the receiving end locate the exact correct key to verify the message.
🌐
DKIM Public Key
The public key is published openly to the internet via your domain's DNS zones as a TXT record.
Whenever you send an email, the receiving server looks up this public key in your DNS to solve the
cryptographic puzzle attached exactly to that email. If it passes, the email is proven authentic.
🔑
DKIM Private Key
The private key is a highly secure string that is stored locally and securely on your outgoing Mail
Transfer Agent (MTA) server, like Postfix or PowerMTA. This key is used only by your sending server
to generate and attach the cryptographic signature to every outgoing email. You must never share your
private key publicly.
✉️
The Email Authentication Trifecta (SPF, DKIM, DMARC)
DKIM works together with two other critical systems to secure your domain:
• SPF (Sender Policy Framework): Specifically dictates which IP addresses are allowed to send email on behalf of your domain.
• DKIM (DomainKeys Identified Mail): Proves that the specific email content is untampered and authorized by the domain owner.
• DMARC: The overarching policy that ties SPF and DKIM together. It instructs the receiving server on exactly what to do (e.g., quarantine or reject) if an email passes or fails the SPF or DKIM checks.
• SPF (Sender Policy Framework): Specifically dictates which IP addresses are allowed to send email on behalf of your domain.
• DKIM (DomainKeys Identified Mail): Proves that the specific email content is untampered and authorized by the domain owner.
• DMARC: The overarching policy that ties SPF and DKIM together. It instructs the receiving server on exactly what to do (e.g., quarantine or reject) if an email passes or fails the SPF or DKIM checks.