Summary
Implementing DKIM without a TXT record involves utilizing CNAME records in DNS. This method allows the DKIM selector to point to another domain, typically managed by a third-party email service provider (ESP), where the actual DKIM TXT record is hosted. This approach simplifies DKIM management, enabling easy key rotation and delegation of signing to the ESP, without requiring full access to the root domain. It's best practice to ensure all subdomains also have DKIM records and the CNAME target is correctly configured and maintained.
Key findings
- CNAME Implementation: DKIM can be implemented without a TXT record by utilizing CNAME records in the DNS settings.
- Delegated Management: CNAMEs allow delegation of DKIM key management and signing to a third-party email service provider (ESP).
- Simplified Key Rotation: Using CNAMEs simplifies DKIM key rotation, which is often automated by the ESP.
- Enhanced Security: Delegating via CNAME can enhance security by allowing third-party services to manage keys without full access to the root domain.
Key considerations
- Correct Configuration: Ensure the CNAME record is correctly configured and points to the appropriate domain managed by the ESP.
- Maintenance: Verify the delegated service (ESP) properly maintains, and rotates the DKIM keys.
- Subdomain DKIM: Ensure all subdomains have properly configured DKIM records.
What email marketers say
8 marketer opinions
Implementing DKIM without a TXT record typically involves using a CNAME record in your DNS settings. This CNAME record points to another domain, often managed by a third-party email service provider (ESP) like SendGrid or Mailgun, where the actual DKIM TXT record is hosted. This approach allows for easier DKIM key rotation and management by the ESP, simplifying the process for the domain owner, especially in larger organizations. However, it's crucial to ensure that the CNAME target is correctly configured and maintained by the delegated service.
Key opinions
- CNAME Usage: DKIM can be implemented without a TXT record by utilizing CNAME records in DNS settings.
- Delegation of Management: Using a CNAME allows delegating DKIM key management to a third-party email service provider (ESP).
- Simplified Key Rotation: CNAME implementation simplifies DKIM key rotation as the ESP manages the TXT record.
- Best Practice: DKIM using CNAME is considered to be best practice for DKIM management
Key considerations
- Correct Configuration: Ensure the CNAME record is correctly configured and points to the appropriate domain managed by the ESP.
- Maintenance: Verify that the delegated service (ESP) properly maintains and rotates the DKIM keys.
Marketer view
Email marketer from Reddit shares that using a CNAME record for DKIM is a common practice when you want to delegate the management of your DKIM key to a third-party service. This allows the service to rotate the key without you needing to update your DNS records directly.
11 Aug 2024 - Reddit
Marketer view
Email marketer from MXToolbox describes setting up DKIM with a CNAME record pointing to a service like SendGrid or Mailgun, which handles the TXT record. They also mention that this simplifies DKIM management, especially for larger organizations
3 Feb 2025 - MXToolbox
What the experts say
4 expert opinions
Implementing DKIM without a TXT record is achieved by utilizing a CNAME record. This CNAME points to a domain, frequently managed by a third-party email service provider (ESP), where the actual DKIM TXT record resides. This method allows for delegation of signing to another host, enabling services to manage DKIM keys without requiring full access to the root domain. It's important to ensure all subdomains also have DKIM records.
Key opinions
- CNAME Implementation: DKIM without a TXT record is implemented using a CNAME record.
- Delegation of Signing: CNAMEs allow delegation of DKIM signing to a different host, often a third-party ESP.
- Security Benefits: Using a CNAME with third-party services allows them to manage keys without full access to the root domain.
Key considerations
- Subdomain DKIM: Ensure all subdomains have DKIM records configured.
Expert view
Marketer from Email Geeks answers you can do DKIM without a TXT record using CNAME.
12 Dec 2021 - Email Geeks
Expert view
Expert from Spam Resource explains that to implement DKIM using a CNAME record, you create a CNAME record that points to the domain where the actual DKIM TXT record is hosted. This is often used when delegating DKIM management to a third-party email service provider.
27 Mar 2025 - Spam Resource
What the documentation says
4 technical articles
Implementing DKIM without a TXT record is achievable using CNAME records in DNS. This method allows the DKIM selector record to point to another domain, often managed by a third-party service like SendGrid, where the DKIM TXT record is stored. This simplifies key rotation and delegates DKIM management to the third-party service.
Key findings
- CNAME Support: DKIM supports the use of CNAME records for DKIM keys.
- Delegated Management: CNAME records facilitate delegating DKIM management to third-party services.
- Simplified Rotation: Using CNAMEs simplifies DKIM key rotation, often automated by the third-party service.
Key considerations
Technical article
Documentation from SendGrid explains that to implement DKIM with SendGrid, users create CNAME records in their DNS settings that point to SendGrid's servers. SendGrid then manages the actual DKIM key and rotates it automatically, simplifying the process for the user.
21 Oct 2023 - SendGrid
Technical article
Documentation from RFC Editor explains that DKIM (DomainKeys Identified Mail) allows for DNS CNAME records to be used for DKIM keys. The selector record can point to another domain where the TXT record is stored, using a CNAME.
21 Jan 2022 - RFC Editor
Are people using 4096-bit DKIM keys, and what is the recommended DKIM key length?
Are SPF, DKIM, and DMARC as important in B2B as in B2C email marketing?
Can DKIM be set up on a subdomain, and which domain should be used for signing?
Do DKIM selectors affect email reputation?
How do I set up DKIM on G Suite for outgoing mail, especially when using multiple email services?
How do I set up DKIM with A2 Hosting and troubleshoot validation issues?
