What is this
DKIM (DomainKeys Identified Mail) is a digital signature your sending mail server attaches to every outgoing message. Receivers verify the signature against a public key in your DNS. If it checks out, the message originated from your domain and was not altered in transit.
Why it matters
DKIM plus SPF is what DMARC is built on. Without DKIM, DMARC alignment fails and your mail is more likely to land in spam, especially when forwarded (where SPF often breaks).
How to fix it
TransIP: Open whichever mail provider is sending mail (TransIP Mail, Microsoft 365, Google Workspace) and copy the DKIM CNAME or TXT records they hand you. Add them under Domains > DNS.
CloudFlare: Add DKIM records as CNAME or TXT at the hostname your provider specifies (e.g. selector1._domainkey). Disable proxy (grey cloud).
Strato or Antagonist: Get the DKIM selectors from your mail provider. Add them in DNS management with the correct hostname (<selector>._domainkey).
Other: Generate or obtain the selector and public key from your sending provider, then add a TXT record at <selector>._domainkey.yourdomain.com containing v=DKIM1; k=rsa; p=<public-key>.
Verify
Run dig TXT selector1._domainkey.yourdomain.com +short. Send a test mail to Gmail and check Authentication-Results: dkim=pass with your domain.