DKIM Record Generator
Generate an RSA key pair and DKIM DNS TXT record locally in your browser.
About the DKIM Record Generator
The DKIM Record Generator creates a new RSA key pair and the DNS TXT record you need to publish for DomainKeys Identified Mail. You choose a selector and key size, click generate, and get the private key PEM plus the TXT value for selector._domainkey.yourdomain.
DKIM lets receiving servers verify that a message was signed by an authorized sender and was not altered in transit. The private key stays on your mail server (or provider). The public key goes in DNS as a TXT record. This tool generates both locally so you can set up self hosted or custom signing before pointing your provider at the keys.
Everything runs in your browser with node-forge. Keys are never uploaded, logged, or sent to any server. Copy the private key immediately and store it securely; leaving the page clears it from memory.
After publishing DNS, use Email Health with your selector to confirm the record is visible. Pair with SPF and DMARC generators for a complete authentication setup.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
Where do I publish the DKIM record?
Create a TXT record on the host selector._domainkey.yourdomain.com. For selector s1 on example.com that is s1._domainkey.example.com. Paste the generated TXT value.
Is the private key uploaded?
No. Key generation happens entirely in your browser. Save the private key yourself and configure it on your mail server or provider.
What key size should I use?
2048 bit RSA is the common default and works with all major providers. 4096 bit is supported but slower to generate and may hit DNS TXT size limits on some hosts.
What is testing mode (t=s)?
t=s marks the key as testing only. Receivers may accept signatures but treat the domain as not fully deploying DKIM. Remove it for production keys.
Can I use this with Google or Microsoft 365?
Most hosted providers generate DKIM keys for you in their admin console. Use this tool when you run your own MTA or need a custom selector outside the provider UI.