DNS provider

Add a DKIM record in DigitalOcean DNS

DKIM publishes a public key at selector._domainkey.yourdomain. Copy the exact string your mail provider gives you.

Provider gotcha: For DKIM, the hostname field is only the left part — e.g. google._domainkey — not the full google._domainkey.example.com.

See DKIM DNS.

Step by step

Step 1 DigitalOcean Control Panel → Networking → Domains → select your domain → Add record.

Step 2 Name/host: your selector + ._domainkey (Type TXT, enter the hostname fragment and paste the value. Apex often appears as @.).

Step 3 Value from your ESP (often one long string):

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBA...

Step 4 Save. Truncated keys fail open verification. For DKIM, the hostname field is only the left part — e.g. google._domainkey — not the full google._domainkey.example.com.

Step 5 If the UI splits into 255-char chunks, that is normal for DNS — the full key must still be complete.

Step 6 Send test mail; run DNS Preflight for DKIM strength. DKIM guide.

DNS Preflight — full auth check for your domain.

Open DNS Preflight →

Propagation — compare resolvers.

Open DNS Propagation →

FAQ

What name do I enter for DKIM?

selector._domainkey as your provider’s UI expects — see the gotcha on this page for your host.

Why dkim=fail?

Truncated key, wrong selector, or signing with a different selector than DNS.

2048 vs 1024?

Prefer 2048-bit keys; rotate 1024-bit legacy keys.

Does DigitalOcean DNS split long TXT?

Many providers auto-chunk; ensure the full key is present.

How to test?

Send mail and check headers — then DNS Preflight for the published key.

← DigitalOcean DNS hub · All DNS providers