Generating a DKIM record in MailEnable requires admin access to your Windows VPS. Let’s go through the built-in DKIM configuration tool that creates your cryptographic key pair and provides the public key for DNS publishing.
Enable DKIM at the server level
Before configuring DKIM for your domain, you need to activate it server-wide first (this is a one-time setup).
Open the MailEnable Management Console (MMC). Navigate through the following path:
- Servers → Localhost → Extensions
- Find Domain Keys (DKIM) and right-click
- Select Properties
- Check Enable DKIM
- Click OK
Access the domain DKIM configuration
Once server-level DKIM is enabled, configure it for your specific domain.
- Click Messaging Manager in the MailEnable Management window
- Select Post Offices from the left panel
- Locate your domain in the domains list
- Right-click your domain (example.com) and choose Properties
- Switch to the DKIM (DomainKeys) tab
Configure DKIM settings
Click Configure to access the DKIM setup panel. These settings control how your outgoing emails get signed.
| Setting | Recommended value | Why |
| Sign outgoing messages | Checked | Activates DKIM signing |
| Encryption algorithm | rsa-sha256 | Industry standard, widely supported |
| Canonicalization (header) | relaxed | Tolerates whitespace changes in transit |
| Canonicalization (body) | relaxed | Prevents signature breaks from formatting |
Create your DKIM selector
Enter a unique selector name (default, mail, or mailenable works well). Choose your key size based on your security needs.
- 1024-bit — Faster processing, adequate security
- 2048-bit — Stronger security, slightly slower (recommended)
Check the box to make this selector active. Only one selector can be active at a time — activating a new one deactivates previous selectors.
The Test mode option signals that you’re testing DKIM and that receivers should not treat failures more harshly. Leave it off in production.
Copy your public key
Click Update, then OK to generate the key pair. MailEnable displays your public key in the text box at the bottom of the form — copy this entire text string. This public key gets published to DNS so receiving servers can verify your signatures.
Add DNS TXT record
Create a new TXT record in your DNS management panel (through your domain registrar or DNS provider, not AccuWeb). Format the record exactly as shown below.
| Field | Value |
| Record type | TXT |
| Host/Name | selector._domainkey (replace “selector” with your actual selector name) |
| Value | Paste the public key text from MailEnable |
| TTL | 3600 (or your default) |
DNS updates typically appear within minutes but can take up to 24-48 hours, depending on the TTL and resolver caching.
After DNS propagation completes, run a free email deliverability test to confirm your DKIM signatures are passing validation — The test shows whether receiving servers can successfully verify your signatures.
Still getting DKIM failures?
DKIM configuration can break if your DNS syntax is wrong or your private key gets corrupted. If you get a DKIM fail, our team can diagnose the issue within minutes.
Schedule a free consultation with our email deliverability specialists — we’ll review your MailEnable configuration, verify your DNS records, and resolve any authentication issues blocking your emails.
Frequently asked questions
Here are some commonly asked questions on this topic:
Yes, but only one can be active at a time. Create additional selectors for key rotation, then activate the new one when ready.
Use 2048-bit if your DNS host supports it. Gmail requires ≥1024-bit and recommends 2048-bit for stronger security.
No. DKIM signing starts immediately after you click Update and OK.
Send a test email to a Gmail account, view the original message, and check headers for “dkim=pass”.
Check your domain registrar (e.g., GoDaddy, Namecheap) or contact AccuWeb support if they manage your DNS.
