Skip to main content

Authenticate your domain to improve the deliverability of your emails (DKIM)

This article is relevant for users who created a Brevo account before June 29, 2023 and have not yet switched to the new domain authentication method. To learn about the new domain authentication method, check our dedicated article.

In this article, we will explain how to authenticate your domain to improve the deliverability of your emails using a standard email signature protocol: DKIM.

This protocol meets various safety issues and should be implemented to ensure the best possible deliverability, both on shared and dedicated IPs.

Before you start

👆Step 1: Access the Domains page

To access the Domains page:

  1. In Brevo, click on your name at the top-right side of the screen.
  2. Select Senders & IP.
  3. Click Domains.

⚙️ Step 2: Generate the DNS records

To generate the DNS records that you will use to authenticate your domain:

If you haven't added your domain yet If you already added your domain
  1. Click Add a domain.
  2. Enter the domain name you wish to use to sign your emails and click Save. In our example, we are using the domain
  3. The DNS records (Brevo code and DKIM) that need to be added to your domain host display.

🚀 Step 3: Add the DNS record to your domain host

  1. Open a new tab in your navigator and access your domain hosting platform.
  2. If you haven't verified your domain before, follow Step 2 from our dedicated article Verify your domain. We highly recommend using DNS records to verify your domain as it allows you to verify and authenticate it simultaneously.
  3. Create a DNS entry of TXT type for your DKIM record.
  4. From Brevo, copy the Hostname field generated for the DKIM record and paste it into the corresponding field of your domain host. 
    ❗️ Important
    Most domain hosts automatically populate the hostname section with your domain name. When copying the Hostname field from Brevo, only copy the selector (circled in yellow) before your domain name and paste it into the Value field:root-domain-hostname.png
    If only the domain name is required, enter @ or leave the field blank.
  5. From Brevo, copy the Value field generated for the DKIM record and paste it into the corresponding field of your domain host. 
  6. Click Verify & Authenticate or Authenticate. 
    ❗️ Important
    It may take up to 24-48 hours for DNS changes to propagate fully.
  7. Once the configuration is complete, a green check appears next to the Value field for the DKIM record.

Your domain has been authenticated, and your emails will now be signed with your own domain name in your recipients' mailbox! 🚀⬇️


🧐 How to verify if my emails have been signed?

You can easily verify if your emails have been signed. Webmails allow you to see if your email has been signed through the DKIM protocol by reviewing the email header and looking for the reference "dkim=pass".

To learn how to find email headers, check out our dedicated article How do I find email headers?.


In the above example from a Gmail email header, the reference "dkim=pass" certifies that the email is signed with the domain "". Signing your emails with your own domain name helps you manage your own reputation, either on our shared IP or your dedicated IP.

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

💬 Was this article helpful?

37 out of 66 found this helpful