Sign into your Google Admin console (at admin.google.com) with super administrator privileges
Go to Apps > G Suite > Gmail.
Click Authenticate email.
Your primary domain is selected by default. Click your primary domain name and select another domain where you’ll use DKIM.
Click Generate new record and you’ll see these options:
Select DKIM key bit length: 2048-bit key
Prefix selector—Domain keys include a text string called the prefix selector which you can modify when you generate the key. You can keep the default prefix selector for the Gmail domain key as google.
Click Generate. A DNS TXT record will be generated as shown below:
If you are using a Gsuite domain host partner, check if the DNS TXT record generated in step 6 has been added by default. Otherwise, add the DNS TXT record generated in step 6 above to your DNS:
The record will look something like this:
Host name (if google is the prefix selector): google._domainkey Value: TXT record value generated from step 6 above.
8. To confirm if you’ve correctly published your DKIM DNS record, Log into your PowerDMARC account > select Power Toolbox from the menu > DKIM record lookup > enter your selector and domain > click Lookup DKIM
If correctly published, the record will be fetched and displayed.
Document Classification:Confidential www.powerdmarc.com
9. After adding the DKIM TXT DNS record, click on “Start Authentication” in your Gsuite admin panel
10.You can send a test email to another Gsuite user and view the headers to confirm that emails are being DKIM signed
For more information, refer: