Setting up DKIM for transactional emails

To enhance security for outgoing email and improve deliverability, the DKIM standard adds an encrypted signature to the header of all outgoing messages. Email servers that get signed messages use DKIM to decrypt the message header, and verify the message was not changed after it was sent.

This article explains how to use the Message Center API to generate DKIM keys that can be stored in your DNS provider, so that all transactional emails sent by VTEX can be recognized as legitimate.


These instructions only apply if the sender is set up using VTEX mail servers. If you are using your own SMTP provider, you need to configure DKIM in your mail server.

DKIM endpoint

post https://{accountName}.{environment}.com/api/mail-service/pvt/providers/:EmailProvider/dkim

  • {accountName} should be replaced with your store's account name (e.g. cosmetics2)
  • {environment} should be replaced with the environment you are using (e.g. vtexcommercestable)
  • :EmailProvider should be replaced with the configured e-mail address (e.g. [email protected])

Check out the Message Center API reference for more details.

Generate DKIM key for your domain

Before you have setup a sender in Message Center using VTEX mail servers, this is the expected response from the DKIM endpoint:

    "status": "emailNotFound",
    "dkimKeys": null

Once the sender has been set up, you should receive an e-mail from Amazon Web Services requesting you to authorize the configured e-mail address for use with Amazon SES.


Clicking on the confirmation link provided in the e-mail body verifies you are the owner of the configured e-mail address. This is required for the mail server to send mail on your behalf. Until this is done, this is the expected response from the DKIM endpoint:

    "status": "emailNotVerified",
    "dkimKeys": null

Once you have clicked on the confirmation link, you may test your SMTP configuration by clicking on the ✅Test button, as shown in the image below.


After clicking on ✅Test button, you should receive an e-mail from the VTEX mail server using the sender you selected. The e-mail message sent follows the Message Center template messageservice_teste_email, which can be customized as seen in the image below.



If you don't receive any messages, review your sender configuration and try again.

Once you have correctly set up a sender in Message Center using VTEX mail servers, you should get a response similar to the one below from the DKIM endpoint:

    "status": "created",
    "dkimKeys": [

Add the public key to your DNS records

Now that you have generated a DKIM key for your domain, you need to add the values listed in dkimKeys in your DNS records. You should check the documentation for your domain name registrar for specific instructions on how to do that, but this is the general flow:

  1. Sign in to the management console for your domain host
  2. Locate the page where you update DNS records.
  3. Add a TXT record corresponding to your DKIM keys
  4. Save your changes

In up to 72 hours, all settings will propagate automatically and our servers will start adding a DKIM signature to all outgoing messages.

What’s Next
Did this page help you?