Can DKIM be set up on a subdomain, and which domain should be used for signing?
Summary
What email marketers say: 9 marketer opinions
Marketer from Email Geeks clarifies that you only need to sign with the header from domain for DKIM.
Email marketer from SparkPost explains that using subdomains for sending email is a common practice, and DKIM should be configured for each subdomain used. They recommend generating separate DKIM keys for each subdomain to maintain proper authentication.
Email marketer from webhostingtalk forum says that they use a subdomain for all email because if their email server gets blacklisted, their main domain stays safe. They have SPF, DKIM and rDNS set up on their mail subdomain to ensure deliverability.
Email marketer from SendGrid explains that DKIM adds a digital signature to your email headers, proving the email wasn't altered in transit. Using DKIM helps improve your email deliverability and sender reputation, by verifying that you own the domain you're sending from.
Email marketer from StackExchange states that each subdomain requires its own SPF/DKIM records for proper email authentication.
Marketer from Email Geeks explains that if email.example.com is the SMTP Mail From and example.com is the envelope from, only sign with example.com for alignment.
Email marketer from EasyDMARC explains that DKIM can be configured on subdomains. When sending from a subdomain, signing with that specific subdomain is the best practice. This ensures proper alignment and improves deliverability.
Email marketer from Mailjet explains that the domain used for DKIM signing should match the domain in the 'From' address of your email. If you're sending from a subdomain (e.g., sales.example.com), you should ideally configure DKIM for that specific subdomain to improve deliverability and sender reputation.
Email marketer from Reddit explains that, in general, you *can* set up DKIM on a subdomain. They recommend signing with the actual sending address for best results. So if your from address is `hello@newsletter.yourdomain.com`, set up the DKIM record for `newsletter.yourdomain.com`.
What the experts say: 2 expert opinions
Expert from wordtothewise.com answers that DKIM signing happens on a domain. The signing domain should be the domain used in the 'From' address. If a message is sent from a subdomain like `newsletter.example.com`, then the DKIM signature should be for `newsletter.example.com` not the root domain `example.com`.
Expert from Email Geeks explains that you need to DKIM sign all domains separately with their own keys.
What the documentation says: 5 technical articles
Documentation from RFC 6376, the DKIM standard, explains the technical details of DKIM signing. While it doesn't explicitly forbid signing with a parent domain, it implies that signing with the domain that matches the 'From' address is the intended use case for optimal authentication.
Documentation from Cloudflare explains DKIM authentication and how to add DKIM records to your DNS, but doesn't provide specific information about the use of subdomains.
Documentation from Microsoft details that DKIM is used to ensure that destination email systems trust messages sent outbound from your organization. They recommend using SPF, DKIM, and DMARC together for the best possible protection.
Documentation from AuthSMTP explains that DKIM can be used with subdomains, and it is recommended to sign emails with the domain or subdomain that matches the 'From' address. This helps improve email authentication and reduce the chances of your emails being marked as spam.
Documentation from Google explains that you can set up DKIM for subdomains. Each domain or subdomain needs its own DKIM key. They recommend a key length of 2048 bits for improved security.
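
To see how the choice of signing domain plays out, the following added example (not taken from any of the sources quoted above) reads the `d=` and `s=` tags of each DKIM-Signature header, derives the DNS name where the public key has to be published, and compares `d=` with the From domain under DMARC strict (`adkim=s`) and relaxed (`adkim=r`) alignment. The message, selectors and the short public-suffix set are constructed assumptions; it checks alignment only and does not verify the signature.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: tiny stand-in for the Public Suffix List; real checks need the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def org_domain(domain):
    """Organizational domain: the public suffix plus one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels

def dkim_tags(value):
    """Split a (possibly folded) DKIM-Signature value into a tag -> value dict."""
    unfolded = re.sub(r"\s+", "", value)
    return dict(t.split("=", 1) for t in unfolded.split(";") if "=" in t)

def alignment_report(raw_message):
    """Return (from_domain, [per-signature alignment results])."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(sig)
        d = tags["d"].lower()
        results.append({
            "d": d,
            # The public key is looked up at <selector>._domainkey.<d=>
            "key_record": f'{tags["s"]}._domainkey.{d}',
            "strict": d == from_domain,                             # adkim=s
            "relaxed": org_domain(d) == org_domain(from_domain),    # adkim=r
        })
    return from_domain, results

# Constructed sample: one message signed by the parent domain, a third party,
# and the exact From subdomain. Hash and signature values are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=esp-mail.net; s=k2;\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=newsletter.example.com; s=nl1;\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "From: News <hello@newsletter.example.com>\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    domain, report = alignment_report(SAMPLE)
    for row in report:
        print(domain, row)
```

A parent-domain signature aligns only in relaxed mode, so a domain publishing `adkim=s` needs the signature on the exact From subdomain, with its own key record under that subdomain.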