DKIM Key Pair Generator

Compatible with OpenSSL, PMTA, Postfix, and all RFC-compliant DKIM processors.


      

      

The Definitive Guide to DKIM & Email Authentication

DomainKeys Identified Mail (DKIM) is a critical standard for modern email security. It lets receiving servers verify that a message was authorized by your domain and was not altered in transit, which helps prevent spoofing and supports reliable delivery to the recipient's inbox.

1024-bit vs. 2048-bit DKIM Keys: Which to Choose?

When generating a DKIM key pair, the bit length of the RSA key determines the strength of the cryptographic signature. While 1024-bit was the standard for years, current security practice calls for 2048-bit keys, which give much stronger protection against attempts to recover the private key.

🛡️ 2048-bit (Recommended): Not practically breakable with current technology. Most major providers like Google and Microsoft now prefer or require at least 2048 bits for optimal deliverability.
⚠️ 1024-bit (Legacy): Still widely supported, but increasingly vulnerable. Use this only if your specific DNS provider has character limits that prevent publishing 2048-bit records.

How to Implement DKIM in Your Infrastructure

Implementing DKIM is a two-step process involving your sending server and your DNS zones:

  1. Server Configuration: Install the private key on your Mail Transfer Agent (MTA). For Postfix, this is usually handled by OpenDKIM. For PowerMTA, you add the key path to your config file's dkim-sign directive.
  2. DNS Publication: Create a new TXT record in your DNS provider (Cloudflare, GoDaddy, AWS Route 53). The host should be [selector]._domainkey and the value will be the public key generated by our tool.
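The DNS publication step and the key-size trade-off above, as an added example (not this tool's code): it formats a PEM public key as the TXT value, split into quoted strings of at most 255 characters (the limit for one DNS character-string, which verifiers concatenate), and reads the RSA key size back from a published record. The function names are illustrative, and the sample key is constructed around a dummy modulus so the script runs offline.

```python
import base64, re

def tlv(buf, pos=0):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                                  # long form: low 7 bits = count of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return buf[pos:pos + n], pos + n

def rsa_bits(spki_der):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo (the decoded p= value)."""
    spki, _ = tlv(spki_der)                       # outer SEQUENCE
    _, pos = tlv(spki)                            # AlgorithmIdentifier, skipped
    bitstr, _ = tlv(spki, pos)                    # BIT STRING wrapping RSAPublicKey
    rsakey, _ = tlv(bitstr, 1)                    # byte 0 is the unused-bits count
    modulus, _ = tlv(rsakey)                      # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def dkim_txt(pem):
    """TXT value for a PEM public key, as quoted strings of at most 255 characters."""
    b64 = "".join(l.strip() for l in pem.splitlines() if l and not l.startswith("-----"))
    value = "v=DKIM1; k=rsa; p=" + b64
    return " ".join('"%s"' % value[i:i + 255] for i in range(0, len(value), 255))

def audit_txt(txt):
    """Key size of a record as published; adjacent quoted strings are joined first."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) or txt
    tags = dict(t.strip().split("=", 1) for t in joined.split(";") if "=" in t)
    return rsa_bits(base64.b64decode(tags["p"]))

def der(tag, body):
    """Encode one DER element (used only to build the constructed sample below)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_pem(bits):
    """Constructed sample: valid SPKI layout around a dummy modulus, not a usable key."""
    n = b"\x00\xc3" + bytes(range(1, bits // 8))
    rsakey = der(0x30, der(0x02, n) + der(0x02, b"\x01\x00\x01"))
    alg = bytes.fromhex("300d06092a864886f70d0101010500")   # rsaEncryption, NULL params
    spki = der(0x30, alg + der(0x03, b"\x00" + rsakey))
    return "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(spki).decode() + "-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, "->", dkim_txt(constructed_pem(bits)).count('"') // 2, "TXT string(s)")
```

A 1024-bit record fits in one string, while a 2048-bit record needs two; DNS panels that reject the longer value usually accept it once it is entered as two quoted strings.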

The SPF, DKIM, and DMARC Trifecta

To achieve maximum deliverability, DKIM must work in harmony with SPF and DMARC:

Frequently Asked Questions (FAQ)

What is a DKIM Selector?

A selector allows you to have multiple DKIM keys for a single domain. For example, your marketing team might use marketing._domainkey while your corporate mail uses office._domainkey.

Does DKIM encrypt my email?

No. DKIM provides authentication and integrity, not encryption. The email content is still readable in transit, but it is proven to be from you and untampered.

Is it safe to use an online DKIM generator?

Our tool generates keys locally in your browser using the RSA algorithm. No private keys are ever sent to or stored on our servers, ensuring 100% security for your infrastructure.