DNS provider

Add a DKIM record in Azure DNS

DKIM publishes a public key at selector._domainkey.yourdomain. Copy the exact string your mail provider gives you.

Provider gotcha: For apex records the name field uses @. TXT values go in the TXT Records box — one value per line if the UI splits long strings.

See DKIM DNS.

Step by step

Step 1 Azure Portal → your DNS zone → + Record set.

Step 2 Name/host: your selector + ._domainkey (SPF/DMARC/DKIM names are relative to the zone — e.g. _dmarc or google._domainkey for a selector.).

Step 3 Value from your ESP (often one long string):

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBA...

Step 4 Save. Truncated keys fail open verification. For apex records the name field uses @. TXT values go in the TXT Records box — one value per line if the UI splits long strings.

Step 5 If the UI splits into 255-char chunks, that is normal for DNS — the full key must still be complete.

Step 6 Send test mail; run DNS Preflight for DKIM strength. DKIM guide.

DNS Preflight — full auth check for your domain.

Open DNS Preflight →

Propagation — compare resolvers.

Open DNS Propagation →

FAQ

What name do I enter for DKIM?

selector._domainkey as your provider’s UI expects — see the gotcha on this page for your host.

Why dkim=fail?

Truncated key, wrong selector, or signing with a different selector than DNS.

2048 vs 1024?

Prefer 2048-bit keys; rotate 1024-bit legacy keys.

Does Azure DNS split long TXT?

Many providers auto-chunk; ensure the full key is present.

How to test?

Send mail and check headers — then DNS Preflight for the published key.

← Azure DNS hub · All DNS providers