
Proof on your outgoing mail that it really came from you — so your customers can trust what they receive.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to messages your systems send. Receiving servers verify the signature against a public key published in your DNS.
Signatures help prove a message really came from your infrastructure and was not altered in transit. Without DKIM, impersonators have an easier time.
Your email platform (Google Workspace, Microsoft 365, etc.) generates keys. You or your admin publish the TXT record at selector._domainkey.yourdomain.com.
Google gives you the keys, but you must turn DKIM on and publish the DNS record — otherwise scammers have an easier time faking mail from you.