Defaults.Exposed › Setup › DKIM

How to set up DKIM on Namecheap

Publish your mail provider's DKIM key in Namecheap DNS so your emails carry a tamper-proof signature.

Why this matters to your business

DKIM (DomainKeys Identified Mail) adds an invisible digital signature to every email you send. The receiving mail provider uses a public key you’ve published in your DNS to confirm two things: the message really came from your domain, and nobody altered it on the way.

In plain terms: DKIM is a seal of authenticity on your email. It makes impersonation harder and improves the chance your genuine mail reaches the inbox rather than spam. Like the others, it’s free and it’s a one-time setup.

Important: DKIM has two halves

DKIM is the one record where it really matters who does what:

• Your mail provider generates the key. Google Workspace, Microsoft 365, or whoever runs your mailboxes creates the DKIM key for you, inside their admin console. You cannot make this up — you must get the exact host name and value from them.
• Namecheap publishes it. You then add that key to your domain’s DNS at Namecheap (assuming Namecheap runs your DNS — see below).

So: generate in the mail platform, publish in the DNS host.

First, confirm Namecheap runs your DNS

A DKIM record only works if Namecheap is answering DNS for your domain. In Namecheap, open Domain List → Manage and check the Nameservers section. If it shows Namecheap BasicDNS / PremiumDNS, you’re in the right place. If it points to another provider, add the DKIM record there instead — it won’t take effect at Namecheap.

Get the key from your mail provider

In your mail provider’s admin area, look for the DKIM or email-authentication setting and generate/enable a key. It will give you two pieces of text:

• A host/selector name, something like google._domainkey or selector1._domainkey.
• A long value beginning with v=DKIM1; followed by k=rsa; p= and a very long string of characters (the public key).

Copy both exactly.

Step-by-step on Namecheap

1. Sign in to Namecheap and open your Domain List.
2. Click Manage next to the domain.
3. Go to your DNS settings (look for DNS / Records / Advanced DNS).
4. Choose Add New Record. Most DKIM keys are TXT Records — use TXT unless your provider specifically told you to add a CNAME (some providers, including Microsoft 365, use CNAME records that point back to their servers).
5. In the Host field, enter only the selector part — for example google._domainkey or selector1._domainkey. Do not add your domain name on the end; Namecheap appends it automatically.
6. In the Value field, paste the long key value exactly as your provider gave it.
7. Leave TTL on Automatic.
8. Save the record.

Namecheap quirks people get wrong

• Don’t put the full domain in Host. If your provider’s instructions show selector1._domainkey.yourdomain.com, you enter only selector1._domainkey at Namecheap — the rest is added for you. Including the domain again creates a broken ..yourdomain.com.yourdomain.com host.
• Paste the whole key — it’s long. DKIM public keys are hundreds of characters. Make sure nothing is cut off, and that no stray spaces or line breaks crept in during copy-paste.
• Don’t add your own quotes. Paste the plain value; Namecheap handles the quoting. Manually added " marks can corrupt the record.
• TXT vs CNAME — follow your provider. If they say CNAME, choose CNAME and paste their target host as the value; don’t convert it to TXT.
• Match the selector exactly. The selector in the Host field must match what your provider expects, character for character — that’s how the receiver finds the right key.
• Give it time. DNS changes can take minutes to a couple of hours to propagate before DKIM starts validating.

Verify it worked

After saving and allowing a little propagation time, run the free check on this site. It will confirm in plain language whether your DKIM record is published and readable.

Done? Check your domain free to confirm it worked — and see your full grade across all 34 checks.