I have flagged your comment as inappropriate
Option #1: Use the DKIM records listed in your MIAB Admin Panel. Go to System → External DNS, and copy the values into your DNS provider’s records. Note: DKIM can fail even if set up correctly in the DNS! See also: DKIM-Signature header exists but is not valid
My results from http://www.isnotspam.com/
Result: fail 
ID(s) verified: header.From=me@box.example.com
Selector=mail
domain=example.com
DomainKeys DNS Record=box._domainkey.example.com
What Google Domains told me:
“I mean, the DNS are set up correctly so it shouldn’t have any issues with the DKIM. There’s a possibility that the mail server itself that is having an issue that’s why you’re getting this error…It seems the problem is with the email host. Please note that our scope of support is within Google Domains only. We do have limited information about how a mailserver work. The DNS is set up correctly, it’s best that you contact your mail host to check why you’re still getting this issues even if the DKIM record is already added.”
How DKIM works:
https://blog.returnpath.com/how-to-explain-dkim-in-plain-english-2/
Step 1: Identifying what message elements to sign with DKIM
Step 2: The encryption process
Step 3: Validating the DKIM signature with a public key
Option#2: How to create a DKIM Record (the long way):
https://blog.returnpath.com/protecting-your-brand-from-phishing-how-to-create-a-dkim-record/
1.) Inventory all of your sending domains.
2.) Install and configure DKIM on your email server.
3.) Create a public and private key pair.
4.) Publish your public key.
5.) Store your private key.
6.) Configure your email server.
7.) Test!
Is DKIM even worth it?
DKIM attempts to allow a recipient to verify that the domain from which the message is purported to originate is in fact the sender of that message. The sending domain digitally signs the message and specified parts of the message envelope using a private key, and puts the signature into a “DKIM-Signature” field. The recipient reads this field, which includes the name of the purported sending domain, and retrieves that domain’s public key from the DNS. It uses this to verify the signature against the contents of the message. This proves both that the message was in fact sent by the domain which claims to have sent it and that the signed parts of the message were not modified in transit.