Setting up DKIM for Sitecore Send means adding a TXT record to your domain’s DNS settings. The exact steps vary depending on your registrar, but the core information remains the same.
What you’ll need from Sitecore Send
Before touching your DNS settings, grab these details from your Sitecore Send account:
- Your DKIM public key (includes at least p=; may also include v=DKIM1; k=rsa;)
- The selector name (typically ms._domainkey)
- Your domain or subdomain
Step 1: Log in to your DNS management panel
Locate the DNS records for your domain (these may be hosted by your registrar or hosting provider).
| Registrar | Where to find DNS settings |
| GoDaddy | Domain Settings → DNS Management |
| Namecheap | Domain List → Manage → Advanced DNS |
| Cloudflare | DNS tab on domain overview |
| AWS Route 53 | Hosted Zones → Select domain |
| Squarespace Domains | Domains dashboard → Manage DNS |
Most registrars store DNS settings under “DNS Management,” “Advanced DNS,” or a similar section.
Step 2: Create a new TXT record
Click “Add Record” or “Add New Record” in your DNS panel. You’ll need to fill in three fields.
Record type: Select TXT.
Name/Host/Alias: Enter ms._domainkey exactly as shown. Some registrars auto-append your domain, so you only need to type ms._domainkey instead of ms._domainkey.yourdomain.com.
Value/Content/Text: Paste the full DKIM public key from Sitecore Send. Don’t modify it or add spaces.
TTL: Choose “Auto” or set it to 300-3600 seconds (5 minutes to 1 hour works fine).
Step 3: Save and wait for DNS propagation
After saving the record, DNS changes need time to spread across the internet.
Cloudflare’s Auto TTL (300 seconds) ensures changes take effect within minutes.
Many registrars take around 30 minutes. Some providers still cite 24-48 hours (rare but possible on slower DNS infrastructure).
Step 4: Verify in Sitecore Send
Return to your Sitecore Send account and click the verification button.
A green checkmark confirms that the setup was successful. If it fails, double-check your TXT record for typos or extra spaces.
Running an email deliverability test after verification ensures that your authentication is working across various inbox providers.
Common setup variations by registrar
A few registrars handle things differently:
- cPanel users (Namecheap, Bluehost, HostGator): Access through cPanel → Zone Editor
- Wix: DNS settings are under Domain Settings, not the main dashboard
What happens if the DKIM setup fails
DKIM failures usually come from these mistakes:
- Typos in the selector name (ms._domainkey)
- Missing characters in the public key value
- Selecting CNAME when you should use TXT (or vice versa for Network Solutions)
- Not waiting long enough for DNS propagation
Re-check the exact values from Sitecore Send against what you entered in your DNS panel.
Maintaining your DKIM after setup
Once verified, DKIM works automatically.
The private key remains with Sitecore Send (they sign your emails), while the public key is stored in your DNS (receiving servers use it to verify signatures).
You don’t need to touch it again unless you migrate to a different email platform or decide to rotate keys for security (recommended every 6-12 months, though not all platforms automate this).
If you’re sending cold outreach campaigns, pair proper authentication with email warmup to build sender reputation gradually. Authentication proves who you are — warmup proves you’re trustworthy.
Still stuck on DKIM setup?
DNS configuration trips up even experienced senders when registrars use inconsistent terminology or field layouts.
If your DKIM record won’t verify or you’re unsure whether you entered everything correctly, schedule a free consultation with an email deliverability consultant.
We’ll review your DNS setup, resolve authentication issues (SPF, DKIM, DMARC), and confirm everything’s working properly.
Frequently asked questions
Here are some commonly asked questions on this topic:
No. Each subdomain needs its own DKIM record (e.g., ms._domainkey.subdomain.yourdomain.com). You may reuse the same key value, but each subdomain requires a separate DNS entry.
All modern registrars support TXT records. If yours claims otherwise, consider transferring to a registrar like Cloudflare or Namecheap.
Key rotation is recommended security hygiene. Manual rotation every 6-12 months is good practice, though not all platforms automate this process.
DKIM verifies that your emails haven’t been tampered with, but it doesn’t guarantee inbox placement. You also need SPF, DMARC, clean content, and a good sender reputation.
Yes, but only after verifying your new platform’s DKIM is working. Keep both active during migration to avoid authentication failures.
