DKIM Setup with Cloudflare DNS

January 14, 2026 • InboxGreenEmail Team

🚨 DKIM issues can silently kill replies.

If opens dropped, replies disappeared, or bounces increased, treat it as an incident. Run the scan and get a fix path.

No signup required. Works on any domain.

search Run a Free Domain Check notifications_active Monitor my domain

Introduction

Setting up DKIM (DomainKeys Identified Mail) can feel like a daunting task, especially if you're using Cloudflare DNS. But getting it right is crucial for your email deliverability. If your emails are landing in spam folders or bouncing back, it's likely that your DKIM setup is part of the problem. This is urgent, especially if you're facing warnings in Gmail or seeing high bounce rates. A proper DKIM configuration helps improve your domain reputation and ensures that your emails are authenticated, increasing the chances of landing in the inbox.

At a glance

  • This problem affects SaaS founders, marketers, and anyone managing email sending.
  • This article will guide you through setting up DKIM with Cloudflare DNS.
  • By following these steps, you can enhance your email deliverability and domain reputation.

When this problem shows up in real life

Imagine you send out a marketing email to your subscribers, but instead of landing in their inbox, it goes straight to their spam folder. You check your email logs and see something like this:

2023-10-01 12:00:00 SMTP: 550 5.7.1 Message rejected due to DKIM failure

Or perhaps you receive a support ticket from a customer saying they never got your email. You look at the headers and find:

Authentication-Results: mx.google.com; dkim=fail (bad signature) [email protected]

These are clear signs that your DKIM setup needs attention. Without proper DKIM configuration, your emails are at risk of being marked as untrustworthy.

Step by step: DKIM setup with Cloudflare DNS

  1. Access your Cloudflare account

    Log in to your Cloudflare account and select the domain you want to configure.

  2. Generate your DKIM key

    You can generate a DKIM key using various tools. If you are using a service like Google Workspace, you can find the DKIM settings in the admin console.

    For example, here is a sample DKIM public key:

    v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB...
  3. Add the DKIM record to Cloudflare

    In your Cloudflare dashboard, navigate to the DNS settings for your domain.

    • Click on "Add record".
    • Select "TXT" as the type.
    • For the name, use the selector you generated along with your domain, for example: google._domainkey.yourdomain.com.
    • In the content field, paste your DKIM public key.
  4. Verify your DKIM setup

    Use tools like the DKIM Checker to verify that your DKIM record is set up correctly. You can also send a test email and check the headers for DKIM authentication results.

Common mistakes

  • Missing selector in the DKIM record

    Symptom: DKIM fails to authenticate.

    Cause: The selector is not included in the DNS record.

    Fix: Ensure the selector is correctly formatted in the DNS entry.

  • Incorrect public key

    Symptom: Emails are still landing in spam.

    Cause: The public key might be truncated or incorrectly copied.

    Fix: Double-check the DKIM public key for any missing characters.

  • Not updating DNS records

    Symptom: Changes made do not reflect.

    Cause: DNS records may take time to propagate.

    Fix: Wait for DNS changes to propagate and check again.

  • Using multiple DKIM records

    Symptom: DKIM validation fails.

    Cause: Having more than one DKIM record for the same selector.

    Fix: Ensure only one DKIM record exists for each selector.

Troubleshooting when it still fails

  • DKIM fails → likely cause: Incorrect DNS record

    What to try next: Check your DKIM record using the DKIM Checker to ensure it is correctly set up.

  • Emails still landing in spam → likely cause: Domain reputation issues

    What to try next: Use the InboxGreen checker to assess your domain reputation and identify any issues.

  • Authentication-Results show "neutral" → likely cause: DKIM not verified

    What to try next: Verify that your DKIM record is correctly added and matches the selector used in your email.

Related checks you should run

  • Check SPF, DKIM, and DMARC alignment.
  • Review DNS TTL and ensure there are no propagation delays.
  • Monitor your domain reputation, bounces, and spam reports.
  • Evaluate your list quality and engagement patterns.

FAQ

Why is DKIM still failing on Cloudflare after I added the record?

DKIM failures can occur due to incorrect record formatting, missing selectors, or propagation delays. Double-check the record and ensure it is correctly set up.

How long do DNS changes take to apply on Cloudflare?

DNS changes on Cloudflare typically propagate within a few minutes, but it can take up to 24 hours in some cases. Use tools to verify the changes.

Can I use more than one DKIM include with this setup?

Yes, you can use multiple DKIM selectors, but ensure each selector has its own unique record. Having multiple records for the same selector can cause authentication failures.

What if my emails are still marked as spam even after setting up DKIM?

Spam filtering is influenced by many factors. Check your SPF and DMARC records, monitor your sending reputation, and ensure your email content is not triggering spam filters.

What to do next

Now that you have set up DKIM with Cloudflare DNS, it's time to verify everything is working smoothly. Run a check using the InboxGreen checker to ensure your DKIM, SPF, and DMARC records are correctly configured. This will help you identify any lingering issues and improve your email deliverability.

Free Deliverability Scan

Check SPF, DKIM, DMARC and List-Unsubscribe for your domain in seconds.