šŸ™ Check out Postmark's new MCP Server!
Try it out
x
Setting up DKIM for your Domain | Postmark Support Center

Setting up DKIM for your Domain

DomainKeys Identified Mail (DKIM) is an essential security measure that adds a digital signature to your emails. This signature allows receiving mail servers (like Gmail, Outlook, or Yahoo) to verify that the email was actually sent from your domain and that its content hasn't been tampered with in transit.

Setting up DKIM is the single most important step you can take to ensure your emails are delivered to the inbox rather than the spam folder.

How to get your DKIM records

Before you can update your DNS settings, you need to retrieve your unique DKIM keys from your Postmark account.

  1. Log in to Postmark and select Sender Signatures from the top menu.

  2. If you haven't added your domain yet, click Add Domain and follow the prompts.

  3. Once the domain is added, click the DNS Settings link next to it.

  4. You will see a section for DKIM. Postmark provides two pieces of information:

    • Hostname: This usually follows a format like 2023060112345pm._domainkey.

    • Value: A long string of text starting with v=DKIM1; k=rsa; p=...

Keep this tab open while you log in to your DNS provider.

Adding the record to your DNS

Every DNS provider (like GoDaddy, Cloudflare, or Route53) is slightly different, but the general steps for adding a DKIM record are the same:

  1. Create a new record: Select TXT as the record type.

  2. Enter the Hostname: Paste the "Hostname" provided by Postmark.

    Note: Some DNS providers automatically append your domain name. If your domain is example.com and Postmark gives you pm._domainkey.example.com, you may only need to enter pm._domainkey as the host.

  3. Enter the Value: Paste the "Value" (the public key) exactly as it appears in Postmark.

  4. Save your changes: Once saved, the record will begin to propagate across the internet.

Verifying the setup

After you have added the TXT record to your DNS, return to the DNS Settings page in Postmark.

Click the Verify button.

  • If it turns green: Congratulations! Postmark is now signing your emails with DKIM.

  • If it says "Not Verified": Don't worry. DNS changes can take anywhere from a few minutes to 24 hours to propagate. Check back shortly.

Troubleshooting common DKIM issues

If your record hasn't verified after 24 hours, check for these common hurdles:

  • Typost and Extra Spaces: Ensure there are no leading or trailing spaces in the Hostname or Value fields when you paste them into your DNS provider.

  • Character Limits: Some older DNS providers have a limit on the length of TXT records. If your provider doesn't allow long strings, you may need to reach out to their support for assistance with "string splitting."

  • Proxying (Cloudflare Users): Ensure that any CNAME records used for related authentication (like a Custom Return-Path) are set to "DNS Only" (grey cloud) rather than "Proxied" (orange cloud), as proxying can interfere with verification.

Wait, what about SPF? While you are in your DNS settings, we also recommend setting up a Custom Return-Path. While Postmark handles SPF for you by default, a Custom Return-Path ensures your domain is "fully aligned" with DMARC policies.

For more information on the technical side of DKIM, visit our detailed guide: https://postmarkapp.com/support/article/1091-how-do-i-set-up-dkim-for-postmark

Last updated January 14th, 2026

Still need some help?

Our customer success team has your back!

Contact Support