The DKIM needs to be added to your mail server (your hosting provider or mail provider can help with this).
To add the TXT DKIM record:
- Login to your Cloudflare account.
- From the dropdown menu on the top left, select your domain.
- Select the DNS settings tab.
- Select the TXT record and add your DKIM values.
Note that some services additionally require CNAME records for DKIM verification. CNAME DKIM records should be gray clouded otherwise the record value won't be available and verification will fail.
DKIM records can often exceed the 255-character limit for TXT records. Most DNS providers, including Cloudflare will automatically split these into multiple records at the same domain name, producing a record that looks like this in dig/nslookup:
default._domainkey.example.com. 299 IN TXT "v=DKIM1; k=rsa; p=<encoded public key>" "<rest of public key>;"
You should remove the quotation marks and the spaces between them when adding DKIM records to your zone.
You do not need to escape semicolons for your DKIM records on Cloudflare.
If you still encounter issues copy-pasting the DKIM record values, you could also try importing a zone file and then remove
In order to test DKIM records there are several validation tools available online, but please keep in mind these tools are often incorrect. One tool seems to be better at testing both in terms of the validity of the test results and the additional information associated with it for troubleshooting.
Best way to test, however, is to look up the records using a dig: https://scottlinux.com/2012/10/27/how-to-fetch-dkim-records-from-dns/