DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.
What is DKIM?
Its Email Authentication and the record proves that it was sent from the domain it is being shown. This uses Cryptographic Key to sign the emails.
In simple words, DKIM is necessary so that your messages doesn’t end up in user spam box, like why Google, Facebook messages never goes into spam and unless we send them ourselves, as they are verified and authenticated that Google or Facebook sent them.
Setup DKIM Records
You cannot setup DKIM Record own your own without any help because DKIM is key based and the key must be present on Outgoing Mail Server to match to your domain. GSuite has Authentication Tab in GMAIL Settings for DKIM Signing.
To setup a DKIM you must contact your Email Provider as many services like Godaddy Shared Hosting doesn’t even supports it. However it doesn’t means you messages will end up in spam because we can setup DMARC policy and which will help avoid spams.
For every sub-domain or domain a separate DKIM key is required and also a seperate DKIM Record. When you setup emails with clients like Amazon SES and SendGrid they provide you these CNAME Records or DKIM Records to setup DKIM. CNAME records can be used to point a domain to another domain or sub-domain where your DKIM is entered.
The record is set in TYPE: TXT
Host is @ or sub-domain with prefix (it is provided by Sender Server to differentiate DKIM from different senders, Google uses google or custom prefix set by user)
Value: v=DKIM1; k=rsa; p=a_key_identifier
Here DKIM1 in v is DKIM Protocol and k is type of key encryption used and p is key value which is different for every domain and given by the Sender, also this is public key and is its private key is used at senders.
Check for errors using MXChecker from Google