How to test which DNS providers append domain to DKIM host for non-technical users?
Michael Ko
Co-founder & CEO, Suped
Published 4 Jul 2025
Updated 19 Aug 2025
9 min read
Setting up DKIM (DomainKeys Identified Mail) is a crucial step for email authentication and deliverability. It helps recipient servers verify that an email claiming to be from your domain was indeed authorized by your domain's owner. This authentication is essential for building trust and ensuring your emails reach the inbox, rather than landing in spam or being rejected. However, a common stumbling block for many, especially those who aren't deeply technical, arises when adding the DKIM record to their DNS provider. Some DNS providers automatically append your domain name to the DKIM host record, while others require you to include the full domain yourself. This subtle difference can lead to frustrating authentication failures if not handled correctly.
The challenge is identifying which providers do what. This guide aims to simplify the process for non-technical users, helping you understand how to test your DNS provider's behavior when it comes to DKIM host records. By the end, you'll have a clear approach to ensure your DKIM setup is correct, preventing common pitfalls that lead to email delivery issues and potential blocklisting (or blacklisting).
DKIM relies on a pair of cryptographic keys: a private key, used by your sending server to sign outgoing emails, and a public key, published as a DNS TXT record for recipient servers to verify the signature. The public key is what you'll add to your domain's DNS settings. This public key is associated with a specific "selector," which acts like a label for the key. For example, if your selector is "s1024," your DKIM host record might look something like s1024._domainkey.
The confusion arises because different DNS providers handle the domain part of the host record differently. Some automatically add your domain to s1024._domainkey, effectively making it s1024._domainkey.yourdomain.com. Other providers require you to type out the entire host record, including your domain, like s1024._domainkey.yourdomain.com, into the Host or Name field. If you duplicate the domain by providing s1024._domainkey.yourdomain.com to a provider that appends, your record becomes s1024._domainkey.yourdomain.com.yourdomain.com, which won't work.
The key is to understand how your specific DNS provider handles this so you can enter the DKIM record correctly the first time. This avoids common DKIM domain mismatch issues. Some providers, like GoDaddy, are known to automatically append the domain, while others, like Cloudflare, generally do not. Checking their documentation is a good start, but a simple test can confirm it.
How to test your DNS provider's behavior
The most straightforward way to test your DNS provider's behavior is to observe how a simple TXT record is published. This method doesn't require setting up a full DKIM record, just a test TXT record. You'll enter a specific value into the host field and then check the resulting record using a DNS lookup tool. This will reveal whether your domain was appended.
Here's a simple process to test:
Log in: Access your DNS management settings with your domain provider. This is usually where you manage your website and email.
Create a new TXT record: Look for an option to add a new record. Select TXT as the record type.
Enter test values: For the Host or Name field, enter test._mydomainkey. For the Value or Text field, enter v=DKIM1; p=yourtestkey.
Save the record: Save the new TXT record. DNS changes can take some time to propagate across the internet, typically from a few minutes to an hour, but sometimes longer.
Verify with a DNS lookup tool: Once you've saved the record, use a free online DNS lookup tool. Good options include Google's Public DNS or other similar services. Enter test._mydomainkey.yourdomain.com (replacing yourdomain.com with your actual domain) and select TXT record type. The result will show you the exact host that was created. For additional checks, you can use Google Admin Toolbox Dig which is a reliable tool for DNS lookups.
If the lookup shows test._mydomainkey.yourdomain.com (only one instance of your domain), it means your provider does not automatically append the domain. If it shows test._mydomainkey.yourdomain.com.yourdomain.com, then your provider *does* append the domain. Once verified, delete this test record.
Interpreting the test results and next steps
Knowing how your DNS provider handles domain appending is crucial for accurate DKIM setup. This awareness will help you avoid common errors that can lead to email authentication failures, ensuring your messages are delivered as intended. It's a small detail with a large impact on your email deliverability.
Provider automatically appends domain
Action required: When creating your DKIM record, only enter the selector and ._domainkey. For example, if your selector is s1024, input s1024._domainkey.
Example providers: GoDaddy, Squarespace, and some others often append automatically.
Properly configured DKIM records are a cornerstone of email authentication, working alongside SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to protect your domain from spoofing and phishing attempts. Errors in any of these can lead to your emails being filtered as spam or rejected entirely. For more guidance on setting up these records, review our detailed articles on how to set up SPF, DKIM, and DMARC.
Provider does not automatically append domain
Action required: When creating your DKIM record, enter the full host record, including your domain name. For example, if your selector is s1024, input s1024._domainkey.yourdomain.com.
Example providers: Cloudflare and many others typically require the full hostname.
Additional considerations for DKIM setup
Beyond the basic test, there are a few considerations to keep in mind for a smooth DKIM setup. Always refer to the specific instructions provided by your email service provider (ESP) or the platform generating your DKIM key. They often have tailored guides for various DNS providers, which can save you a lot of troubleshooting time.
Some email providers, like Microsoft 365 (formerly Office 365) and Google Workspace, provide specific CNAME records for DKIM setup. These CNAME records point to keys hosted on their infrastructure, simplifying the process by not requiring you to directly publish a long TXT record. Always check if your provider offers this option, as it's generally easier to manage.
If you're still facing challenges or if your DKIM record isn't validating, don't despair. There are many reasons why DKIM can fail, from simple typos to DNS propagation delays. Our guide on how to verify DKIM setup can help you pinpoint the exact issue.
Maintaining deliverability and simplified setup
Beyond correctly setting up your DKIM record, maintaining good email deliverability involves several other factors. Monitoring your domain's reputation, adhering to sender best practices, and regularly checking for any blocklist (or blacklist) listings are all part of a robust email strategy. These practices collectively ensure your emails consistently reach their intended recipients without issues.
It's also important to understand that a single DKIM record may not be sufficient if you send emails from multiple services (e.g., your marketing platform, transactional email service, and internal email server). Each sending source might require its own DKIM key and record. Ensuring all legitimate sending sources are properly authenticated helps prevent unauthorized email from being sent from your domain and protects your sending reputation.
For non-technical users, services like Domain Connect are emerging to simplify DNS record management. This open standard allows service providers to directly configure DNS records on behalf of their users, with proper authorization, eliminating the manual entry and potential for errors. While not universally adopted yet, it's a promising development for making email authentication more accessible.
Final thoughts on DKIM configuration
Successfully configuring your DKIM record is a significant step toward improving your email deliverability and protecting your brand. By understanding how your DNS provider handles domain appending, you can avoid common pitfalls and ensure your emails are properly authenticated. The simple test outlined above provides a quick and effective way to gain this clarity, empowering even non-technical users to confidently manage their email authentication records.
Remember, email authentication, including DKIM, is not a one-time setup. Regularly monitoring your email performance and staying informed about best practices will help you maintain a strong sending reputation and ensure your messages consistently reach the inbox. If you encounter issues, don't hesitate to consult resources that provide expert guidance to improve email deliverability.
Views from the trenches
Best practices
Always use an online DNS lookup tool to verify any DKIM record changes after saving.
Refer to your email service provider's specific DKIM setup instructions, they often have tailored guides.
If available, utilize CNAME records for DKIM setup as they are generally simpler to manage.
Regularly monitor your email deliverability and domain reputation after DKIM implementation.
Common pitfalls
Forgetting to check if your DNS provider automatically appends the domain name to the DKIM host, leading to duplicate entries.
Incorrectly entering the DKIM key's value, which must be exact.
Not waiting long enough for DNS changes to propagate globally before checking for verification.
Overlooking multiple sending services each requiring their own DKIM records.
Expert tips
Consider leveraging technologies like Domain Connect for a more streamlined, programmatic DNS record setup.
If your DNS provider's interface is confusing, contact their support for assistance with DKIM record entry.
Keep a record of your DKIM selectors and keys for easier troubleshooting and management.
Use a DMARC monitoring service to detect DKIM failures and receive alerts proactively.
Marketer view
Marketer from Email Geeks says that GoDaddy and Squarespace are common culprits for automatically appending the domain name, which leads to frequent setup errors.
2021-06-10 - Email Geeks
Expert view
Expert from Email Geeks says that many DNS providers will automatically append the domain, even if the user manually writes the domain name in the host field. He recommends checking if the domain name is already visible in the input field.
GoDaddy, are known to automatically append the domain, while others, like 
Cloudflare, generally do not. Checking their documentation is a good start, but a simple test can confirm it.
Squarespace, and some others often append automatically.
Microsoft 365 (formerly Office 365) and 
Google Workspace, provide specific CNAME records for DKIM setup. These CNAME records point to keys hosted on their infrastructure, simplifying the process by not requiring you to directly publish a long TXT record. Always check if your provider offers this option, as it's generally easier to manage.
