To enable 2048-bit DKIM (DomainKeys Identified Mail) in Google Workspace (formerly G Suite), you need to follow these steps:
1. Access Google Admin Console
- Sign in to your Google Admin Console at admin.google.com using your administrator account.
2. Navigate to the DKIM Settings
- From the Admin console homepage, go to Apps.
- Select Google Workspace.
- Click on Gmail.
- Scroll down and click on Authenticate email under the Email authentication section.
3. Generate the DKIM Key
- Choose the domain you want to set up DKIM for (if you have multiple domains).
- Click on Generate new record.
- In the Key length dropdown, select 2048-bit.
- Optionally, you can customize the DKIM selector prefix. The default is
google. - Click Generate to create the DKIM key.
4. Add the DKIM TXT Record to Your DNS
- After generating the key, you'll see a TXT record value. This needs to be added to your domain's DNS settings.
- Log in to your domain registrar's website or DNS hosting service.
- Add a new TXT record with the following values:
- Name/Host/Alias: Use the DKIM selector followed by
_domainkey. For example, if the selector isgoogle, the entry would begoogle._domainkey. - Value: Paste the TXT record value provided by Google.
- Name/Host/Alias: Use the DKIM selector followed by
5. Activate DKIM Signing
- After adding the TXT record to your DNS, go back to the Google Admin console.
- Click Start authentication. It may take some time for the DNS changes to propagate.
- Once Google verifies the TXT record, DKIM will be enabled, and your emails will start being signed with a 2048-bit DKIM key.
6. Verify DKIM is Working
- You can verify that DKIM length on www.godmarc.com>Tools>DKIM Record Loopup.
Note: DNS changes can take up to 48 hours to propagate, although they often happen much quicker.
This setup will ensure that your emails are signed with a 2048-bit DKIM key, providing stronger email authentication and security.