Setting DKIM and DMARC for your domain

Level: intermediate



Walk you through the necessary steps to set up DKIM and DMARC on your domain to protect it from spoofing attempts and prevent your emails from going into your clients’ junk folders.


Setting up DKIM and DMARC

DKIM and DMARC are two strategies that prevent domains from being hijacked by spoofing attempts. They involve making adjustments to your domain’s DNS records. If you’re using your own domain with your Hushmail account, you’ll want to set up DKIM and DMARC.

DKIM must be set up for DMARC to be effective, and we provide the steps to set up both records in this article. A good time to set up DKIM and DMARC is when you first activate your Hushmail account and you’re setting your MX records and SPF records.  

Here are the steps to setting up DKIM and DMARC:

 1. Sign in to the administrative console of your domain registrar 

Your domain registrar is where your domain name is registered and is usually the same site where you purchased your domain. This will be the same place where you update your MX records. If you need help identifying your domain registrar, you can type your domain into to find out who it is. 

2. Look for where you can edit your DNS records

All registrars are a little different, but if you look for “DNS,” you should find the place on your registrar’s administrative console where you can edit your DNS records.

3. Add a TXT record for DKIM 

In the Host field of the record, type:


In the Value field of the record, type:

k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gu26tKsHf9OceZ9VKP7c+a03oMs95fUq3xhrYUMsOsJXTHwMfIjNMf8ZVNIGR7QoLIBXUj1STve9pLdHM7bI8Agd91Xsv1tEpXMb7t9EYI+sp6QFYD7jO1oeNHz0MBzemLsyJPQ8MGpuLi7k54G5hgTpaGGJDSR9sekoja+HocIgsF8GOBqjZn53PHBJWqmkr0ST5gX6lDse4yLNZ40rkKdDcTCYhJ7phKfYlR/6XgPgm9dXBGXZ+jKatW5VrL+uAOY6lhkbIADUCRaFAspHeE10qifG8Jf64mEP8ZgiyttK+zjGWNtlKtfpTpZTPJTF7MUoIvz2VlLJoMKHYZxkwIDAQAB


Note: The following video demonstrates adding a DKIM record in Squarespace. Your interface may look and behave slightly differently if you use a different provider.



4. Save your changes and contact Customer Care

Contact Customer Care by filling out this form: Enable DKIM.

Once we receive the form, we’ll check that you have enabled DKIM correctly on your side, do our part of the setup, and reply back that the setup is complete. If changes need to be made, we’ll work with you to make sure the settings are correct. 

5. Add another TXT record for DMARC

In the Host field of the record, type the following:


In the Value field of the record, type the following, replacing both instances of "" with your full Hushmail email address:

v=DMARC1; p=quarantine;;; pct=100

6. Save your changes

Tip: If you’re getting an error like this:

“TXT records may not exceed 255 characters”

You can add 2 TXT records instead of 1 and split the DKIM as follows:

First TXT record:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gu26tKsHf9OceZ9VKP7c+a03oMs95fUq3xhrYUMsOsJXTHwMfIjNMf8ZVNIGR7QoLIBXUj1STve9pLdHM7bI8Agd91Xsv1tEpXMb7t9EYI"

Second TXT record:




Next steps: 

If you’d like to know more about DKIM and DMARC, you will find helpful information in our blog post What you need to know about spoofing. 

Customer Care will also be happy to answer your questions. 



SPF Records

MX records