Can I have multiple DKIM records on my domain?

Yes, you can have multiple DKIM records on your domain. Unlike DMARC or SPF, DKIM sets no limit to the number of records you can configure for a single domain as long as it is permitted by your DNS host. 

These are some common reasons why you may want to set up multiple DKIM records: 

  1. You use a number of third-party email vendors for your daily communications. In this case, you need to configure separate selectors and public-private key pairs to activate authentication for each of these vendors. 
  1. For enhanced security, you may want to rotate your DKIM keys periodically. Changing or rotating your keys from time to time is considered to be standard practice and is highly recommended by security experts. 

What is DKIM and why do you need it? 

DKIM is an email authentication standard, which uses public/private key encryption for the sender’s domain. It is the result of a growing need for domain protection, which is vital for the protection against spam. With this authentication process, DKIM verifies whether the email was generated from an authorized server (recognized and configured by administrators), thus preventing spam.

DKIM exists in your DNS as a TXT (Text) or CNAME (Canonical Name) DNS record, and looks something like this: 

How to create multiple DKIM records? 

To create multiple DKIM records use our DKIM generator tool. It’s free! 

Once you are done with assigning a selector to your record (e.g. s1) you need to gain access to your DNS to publish it. You can do this manually or you can contact your domain registrar to publish the keys on your behalf. 

To publish multiple DKIM records simply create separate TXT/CNAME records for each of your sending sources and paste them on your DNS for the same domain. Make sure every time you create a record you use a unique DKIM selector that doesn’t match with any of the selectors concatenated into your previous records. This will prevent the new record from conflicting with any of your existing ones. 

For example: 

If you have an existing DKIM record at s1._domainkey.domain.com (where s1 is your chosen selector), you CAN NOT have multiple records for domain.com using s1 as your selector. Make sure every time your new records for domain.com are pointing to unique selector values (e.g s2, s3, s4, s5…and so on) as shown below:  

s2._domainkey.domain.com

s3._domainkey.domain.com

s4._domainkey.domain.com

s5._domainkey.domain.com

Is it a safe practice?

Yes. It is a safe and heavily endorsed practice to publish multiple DKIM records for boosting your domain’s security as well as to activate the protocol for your third parties. The same however cannot be said regarding SPF and DMARC. To exercise caution, learn about the impacts of configuring multiple SPF records on your domain.