DKIM signature

General instructions for configuring the DKIM signature

With a DKIM signature, an email recipient can verify that the message really came from the alleged sender.

You can configure the DKIM signature for email sent from your domain: just create a TXT record for your domain with a public signature key. To sign messages that you send through non-Yandex servers, you will also need a TXT record with a private key. You should configure it on the outgoing mail server.

If you delegated your domain to Yandex, the DKIM signature with a public key is configured automatically. You can view it and edit the parameters in the Yandex.Connect DNS editor.

  1. Get a TXT record with a public key in the Mail settings:

    1. Open the Mail administration page.

    2. Go to the Mail section and choose DKIM signature.

    3. Click the domain name (the domain is visible in this list if it has been confirmed). The column on the right shows the value of the DNS record for the DKIM public key, as well as the private key.

      You can use the private key to sign messages that you send from non-Yandex servers.

  2. Copy the content of Public key.

  3. Open your DNS hosting company's control panel.

  4. Create a TXT record with the following field values:

    • Name — “mail._domainkey”. In some DNS control panels, you also need to specify the domain for the public DKIM key, such as “mail._domainkey.yourdomain.tld”.

    • Value — The block of text from “Public key” that you copied in the Yandex.Connect settings.

  5. Wait for the changes to take effect in the DNS. This may take up to 72 hours.