DKIM Key & Record Generator
Generate a DKIM RSA key pair and the DNS TXT record for your selector.
About this tool
This tool generates a fresh DKIM RSA key pair and the DNS TXT record to publish at selector._domainkey.yourdomain.com. Choose a selector name (e.g. default, s1, google) and domain, then copy the TXT record into your DNS panel and the private key into your mail server or email provider.
2048-bit RSA is recommended. Long public keys are automatically split into DNS-safe chunks for panels that limit TXT record length. After publishing, send a test message and verify with the DKIM Validator.
Frequently asked questions
Where do I put the private key?
Install it on the server or service that signs outgoing mail — your MTA (Postfix, Exim), cPanel, Google Workspace admin, Microsoft 365, SendGrid, etc. Never publish the private key in DNS or share it publicly.
What selector name should I use?
Any valid DNS label works. Use default for a single key, or provider-specific names like google (Google Workspace) or s1/s2 (SendGrid). Each selector can hold one active key.
Why is my DKIM record split into multiple strings?
2048-bit public keys often exceed 255 characters. DNS allows multiple quoted strings in one TXT record; resolvers concatenate them automatically.