DKIM Setup: Can You Have Multiple DKIM Records?


DKIM (DomainKeys Identified Mail) is an effective email authentication method that ensures the integrity and authenticity of your emails while they are in transit. Similar to the SPF and DMARC email authentication protocols, the implementation of DKIM requires the addition of a DNS record. 

However, while SPF and DMARC each allow no more than one DNS record per domain, DKIM allows senders to publish multiple DKIM records on one domain.

The idea of having several DKIM records may be confusing for some senders. How many are you allowed to have? Why would you require multiple DKIM records?  How can you set them up without encountering technical difficulties? These questions are examined in this article.

What Is the DKIM Record Format?

It is important to understand how a DKIM record is structured in order to know how to publish multiple records without affecting DKIM authentication.

A DKIM record consists of three elements: the selector, the domain name, and the public key. Let’s take a closer look at these elements:

  • Selector: The selector is a unique word or string of characters that helps email receivers find the right DKIM record in DNS. Examples of selectors are default, s1, selector1 and google.
  • Domain: The domain is the name of the domain where receiving mail servers will look for a DKIM record and on behalf of which your emails will be signed with DKIM.
  • Public key: The public key is one of the two keys in the key pair used by the DKIM authentication mechanism. Receiving mail servers use it to verify the signature on your emails.

A DKIM record is published in DNS as follows:

s1._domainkey.example.com IN TXT "v=DKIM1; k=rsa; p=public key"

In this example:

s1 is the unique DKIM selector;

_domainkey is a fixed part of the DKIM record structure that follows the selector;

example.com is the domain name;

v=DKIM1 is a fixed part of the DKIM record structure, which denotes the version of DKIM;

k=rsa is the key type;

p=public key is the tag containing the public key value.

Can You Have Multiple DKIM Records?

The DKIM protocol doesn’t specify a limit on the number of DKIM records a domain can have. However, some DNS providers restrict the maximum number of TXT or CNAME entries you are permitted to create, and those restrictions determine how many DKIM records you can publish for a single domain without affecting its configuration.

Most DNS providers can support up to 49 TXT records for one domain. It is advisable to ask your DNS provider about its exact restrictions and policies to make sure you stay within them.

Why Would You Need Multiple DKIM Records on One Domain?

The ability to publish multiple DKIM records on a single domain follows from how the DKIM mechanism works. Each email service provider sending email on behalf of a given domain adds its own DKIM signature, which is verified with the corresponding public key published in DNS.

Many senders use more than one email sending system to separate their email traffic. So that messages sent from the same domain but originating from different services can all pass DKIM authentication, the domain owner must publish multiple DKIM records under different selectors. Because the selector is included in the DKIM signature added to outbound emails, email receivers can find the right DKIM record in DNS to use for DKIM verification.

This arrangement ensures strong email authentication and integrity, guaranteeing that emails originate from the claimed domain and remain unchanged during transit.
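The lookup described above, as an added example that is not part of the original article: each DKIM-Signature header carries the signing domain in d= and the selector in s=, and the receiver combines them into the DNS name to query. The message headers, service names and placeholder signature values are constructed for illustration.

```python
import email

def parse_tags(value):
    """Split a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_lookup_names(raw_message):
    """Return the DNS name a receiver would query for each DKIM-Signature header."""
    msg = email.message_from_string(raw_message)
    names = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(header)
        if not tags.get("s") or not tags.get("d"):
            names.append(None)  # s= and d= are both needed to locate the key
        else:
            names.append(f"{tags['s']}._domainkey.{tags['d']}".lower())
    return names

# Constructed messages (signature values are placeholders, not real signatures).
MSG_SERVICE_A = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1;\n"
    "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: news@example.com\n\nbody\n"
)
MSG_SERVICE_B = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com;\n"
    "\ts=google; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: staff@example.com\n\nbody\n"
)
MSG_BROKEN = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; b=PLACEHOLDER\n"
    "From: staff@example.com\n\nbody\n"
)

if __name__ == "__main__":
    for raw in (MSG_SERVICE_A, MSG_SERVICE_B, MSG_BROKEN):
        print(dkim_lookup_names(raw))
```

Both services sign for example.com, yet each signature resolves to its own record because the selectors differ.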

How to Add Multiple DKIM Records for One Domain

Multiple DKIM records are easy to manage thanks to the flexibility of the DKIM architecture: each record is given a unique selector.

The first step is to create a DKIM key pair, which consists of a public key published in your domain’s DNS and a private key that remains on your email server. It’s crucial to use a unique selector when creating key pairs for different email service providers.

Check your existing DKIM records to ensure the selector you are about to use is not already set up. A DKIM generating tool can make this process easier. The next step is to create a TXT or CNAME record for each sending source in your domain’s DNS. 

While ensuring strong email authentication, this approach allows multiple email providers to be used smoothly for email sent on behalf of the same domain.

How to Check Multiple DKIM Records

Using multiple DKIM records requires careful management to ensure that outbound emails are validated properly by DKIM. DNS records may be deleted or changed, and a change may make a record invalid.

Therefore, it’s crucial to set up routine monitoring of the DKIM records published for an email sender domain. There are two methods of DKIM record testing: manual and automatic.

Manual DKIM Record Test

You can use a free DKIM checker tool to quickly verify a DKIM record.

Enter the domain name and the DKIM selector and click “DKIM Record Check.”

By entering different selectors, you can verify the existence and validity of all the DKIM records published for the same domain. You can look for the DKIM selectors in the domain’s DNS management panel. As mentioned above, the selector is the word or string of characters preceding ._domainkey in the TXT record name.

In the example below, the selector is s1:

s1._domainkey.example.com

Automatic DKIM Record Test

Setting up automatic DKIM record monitoring helps senders detect issues with existing DKIM records almost instantly.

To monitor your domain’s DKIM records on auto-pilot, you can use the GlockApps uptime monitoring tool.

Create an uptime monitor for each of the DKIM records set up for your domain. GlockApps will validate the records regularly and send you alerts when any of the records becomes invalid or no longer exists in DNS.
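What a per-selector check can verify, as an added example that is not code from the article or from GlockApps. It goes beyond the article by applying RFC 6376 record rules (v= first and equal to DKIM1, empty p= means a revoked key, one TXT record per selector name). The zone contents and key bytes are constructed, and a live check would replace the ZONE dictionary with DNS queries.

```python
import base64
import binascii

# Constructed TXT answers keyed by record name; a live check would query DNS instead.
KEY = base64.b64encode(b"constructed public key bytes").decode()
ZONE = {
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=" + KEY],
    "google._domainkey.example.com": ["v=DKIM1; k=rsa; p="],
    "selector1._domainkey.example.com": ["k=rsa; v=DKIM1; p=" + KEY],
    "default._domainkey.example.com": ["v=DKIM1; p=" + KEY, "v=DKIM1; p=" + KEY],
}

def check_record(txt):
    """Return the problems found in one DKIM TXT record value."""
    pairs = [tuple(x.strip() for x in t.split("=", 1))
             for t in txt.split(";") if "=" in t]
    found = dict(pairs)
    problems = []
    # RFC 6376: when v= is present it must come first and must be DKIM1.
    if "v" in found and (pairs[0][0] != "v" or found["v"] != "DKIM1"):
        problems.append("v= must be the first tag and equal DKIM1")
    if found.get("k", "rsa") not in ("rsa", "ed25519"):  # k= defaults to rsa
        problems.append("unknown key type in k=")
    if "p" not in found:
        problems.append("missing p= tag")
    elif found["p"] == "":
        problems.append("empty p= (key revoked)")
    else:
        try:
            base64.b64decode("".join(found["p"].split()), validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

def audit(domain, selectors, zone=ZONE):
    """Check the record behind every selector the domain is expected to publish."""
    report = {}
    for sel in selectors:
        answers = zone.get(f"{sel}._domainkey.{domain}", [])
        if not answers:
            report[sel] = ["no DKIM record found"]
        elif len(answers) > 1:
            # Several selectors are fine; several TXT records on ONE selector name are not.
            report[sel] = ["more than one TXT record on this selector name"]
        else:
            report[sel] = check_record(answers[0])
    return report

if __name__ == "__main__":
    for sel, problems in audit("example.com", ["s1", "google", "selector1", "default", "mail"]).items():
        print(sel, problems or "ok")
```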

Conclusion

You’re already a step ahead in guaranteeing a secure email communication route if you have a thorough understanding of DKIM and its complex configuration. For many organizations that manage multiple email sending systems, the option to add multiple DKIM records is not only a technical requirement but also a practical approach. 

You can improve email delivery and create a stronghold of trust around your domain by carefully following the setup procedure and managing your DKIM records.


AUTHOR BIO

Julia Gulevich is an email marketing expert and customer support professional at Geminds LLC with more than 15 years of experience. Author of numerous blog posts, publications, and articles about email marketing and deliverability.