Spammers can forge the From address on mail messages so that the spam appears to come from a user in your domain. To help prevent this sort of abuse, Google Apps enables you to add a digital "signature" to the header of mail messages sent from your domain. Recipients can check the domain signature to verify that the message really comes from your domain and that it has not been changed along the way. (If your domain has an SPF record, recipients can also verify that the message came from an authorized mail server.)

Google Apps' digital signature conforms to the DomainKeys Identified Mail (DKIM) standard. To add a digital signature to outgoing mail, you generate a 1024-bit domain key that Google Apps uses to create signed mail headers that are unique to your domain. You add the public key to the Domain Name System (DNS) records for your domain. Recipients can verify the source of a mail message by retrieving your public key and using it to confirm your signature.

Refer the link to setup DKIM Key