What is DKIM?
DomainKeys Identified Mail, or DKIM, is a technical standard (RFC 6376) that helps to protect
email senders and recipients from spam, spoofing, and phishing. DKIM is a form of email
authentication that allows an organization to claim responsibility for a message in a way that
recipients can validate. DKIM uses public key cryptography to verify that an email message
was sent from an authorized mail server. It works by adding a digital signature to the headers
of an email message. Recipients can then validate that signature against a public cryptographic
key in the sending organization’s DNS records.
Configuration of DKIM signing for outbound email
You use the controls on the Outbound DKIM Signing Settings page to search for your registered domains and add new selectors to them. You also use these controls to change (or rotate) active selectors, and test that you have correctly entered DKIM signatures in your public DNS records.
Requirements for configuration of DKIM signing:
■ ClientNet administrators must have both View Config and Edit Config roles for all services.
■ Domains must be registered in ClientNet. Outbound IP addresses must be registered in ClientNet. For hosted providers, SPF checks must pass.
■ For DKIM selector names, only alphanumeric characters (a-z and 0-9) are supported.
■ You must add at least one selector before DKIM can be enabled for a domain.
Step 1: Add a selector to a domain
Step 2: Update the public DNS record
Step 3: Verify propagation and then enable DKIM for the domain
■ Have you waited 72 hours for your new record to propagate?
■ Can you find your DNS record with a DNS lookup tool, and does it appear to be correct?
■ Does the record you found with the lookup tool match what is displayed in the portal?
■ Ensure that semi colons (;) are used to separate the different tags (v; k; t; and p;) in the TXT record.
■ Verify that there are no spaces between the characters in the P= string.