Red Bridge CyberRed Bridge Cyber
Customer Login
What We CheckHow It WorksPricingResearchAboutBlogCustomer Login

What is DKIM and how do I know if mine is right?

DKIM (DomainKeys Identified Mail) is a cryptographic signature your mail service adds to every outgoing email, paired with a public key published in your DNS. Receiving servers use the key to verify the message really came from your domain and was not altered in transit. To check yours: send an email to a Gmail address, open it, choose "Show original", and look for dkim=pass with your domain next to it — or run your sending domain and selector through MXToolbox’s DKIM lookup. Two things commonly need fixing:

  • a missing signature on mail sent by third-party tools — each sending service needs its own DKIM setup
  • weak keys — older DKIM setups still use RSA 1024-bit keys, short enough that current-generation hardware can factor them; rotate to 2048-bit.

Use 2048-bit keys.