🔑 DKIM Record & RSA Key Generator

Generate public and private RSA keys to cryptographically sign outbound emails and get the required DNS TXT record for deployment.

What is DKIM and why is it important?

DomainKeys Identified Mail (DKIM) is an email authentication standard that allows an organization to associate its domain name with an email message. This is achieved via a cryptographic signature attached to the email headers.

When a mail server receives a message, it uses the DKIM signature to verify that the email truly originated from the domain specified in the header and that the message content has not been altered in transit. Along with SPF and DMARC, DKIM is one of the three pillars of modern email security.

How does the record work?

1. The sending mail server (MTA) signs the email using the private key.
2. The receiving server queries the sender's DNS looking for the TXT record at [selector]._domainkey.[domain] to retrieve the public key.
3. The receiver uses the public key to verify the signature, confirming the email's integrity and origin. If the signature is valid, the email passes DKIM validation.

Security Recommendations:

  • Key Length: Using 2048 bits is recommended. 1024-bit keys are vulnerable to factoring attacks and are rejected by some providers. 4096-bit keys are supported, but keep in mind the character limit in DNS TXT records (255 characters per string).
  • Rotation: Rotate your DKIM keys periodically (e.g., every 6 to 12 months) to mitigate the risk of a compromised key.
  • Unique Selectors: Use distinct selectors for different sending services (e.g., one for Google Workspace, another for SendGrid) to avoid key conflicts and simplify rotation.
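
The following is an added example, not code from this tool: it builds the TXT value for an RSA public key, splits it into strings of at most 255 characters, then rejoins the strings the way a receiver does and checks the modulus size against the 2048-bit recommendation. The function names are hypothetical, and the sample keys are constructed placeholders with a modulus of the right size (not usable keys).

```python
import base64

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a DER SubjectPublicKeyInfo."""
    seq, _ = _tlv(spki, 0)                 # outer SEQUENCE
    _, alg_end = _tlv(spki, seq)           # AlgorithmIdentifier
    bitstr, _ = _tlv(spki, alg_end)        # BIT STRING
    key, _ = _tlv(spki, bitstr + 1)        # skip unused-bits byte, enter RSAPublicKey
    n_start, n_end = _tlv(spki, key)       # INTEGER modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def txt_strings(spki, limit=255):
    """DKIM record value split into TXT strings of at most `limit` characters."""
    value = "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def audit(strings, min_bits=2048):
    """Rejoin the TXT strings, parse the tags, and check the key size."""
    tags = dict(t.strip().split("=", 1) for t in "".join(strings).split(";") if t.strip())
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return {"bits": bits, "strings": len(strings), "ok": bits >= min_bits}

def _der(tag, body):
    """Encode one DER element (used only to construct the sample input)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_spki(bits):
    """Constructed SPKI with a placeholder modulus: right size, NOT a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")     # leading 0x00 = positive
    rsa = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))  # e = 65537
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    return _der(0x30, alg + _der(0x03, b"\x00" + rsa))

if __name__ == "__main__":
    for size in (1024, 2048, 4096):
        print(size, audit(txt_strings(sample_spki(size))))
```

With these inputs the 1024-bit record fits in one string but fails the size check, while the 2048-bit and 4096-bit records need two and three strings respectively.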