Introduction
Purpose
DomainKeys Identified Mail (DKIM) lets a receiving mail server verify that your email content has not been altered in transit. DKIM uses public-key cryptography to create a pair of electronic keys: a public and a private key. The private key is kept private on the server it was created on, which is usually your mail server, and is used to sign outgoing mail. The public key is placed in a DNS TXT record.
Description
The DKIM record is a text string with 3 required DKIM tags and several optional ones. Ideally, your mail server will provide a tool that allows you to create a pair of electronic keys on the server (eg. see ). The public key is used in your DNS record.
Creating your DKIM record
Preparation
- Check if your hosting includes auto-generated DKIM keys, ie. the records already exist
  - for example with Skylime, a default pair of keys is created for all domains with websites hosted or parked with us
  - check your DNS records for TXT records that include {selector}._domainkey.{yourdomain.com} in the Name field
- If your domain doesn’t yet have a DKIM record, you must create a public and private DKIM key for your domain
  - most mail servers usually provide a method for this; you will need to check up on the process
  - if not, you will have to use a specialist DKIM key provider
Action
- Don’t do anything if your domain already has a DKIM record set up
  - however, changing your email system to Gmail requires a new domain key set up with Google
- Otherwise, log into your hosting or domain registrar account:
  - with Skylime you log into your cPanel account, and
    - find the DNS Zone Editor and select Manage
    - select + Add Record and choose the Add “TXT” Record option
  - with non-cPanel accounts, accessing the DNS editor will be slightly different
- Add a new TXT record to your domain’s DNS.
  - Name (‘Valid zone name’) is where you enter 2 of the 3 required DKIM tags, joined in this order:
    - SELECTOR (a short alphanumeric string supplied to you by the provider of the DKIM key)
    - ._domainkey.
    - DOMAIN
  - TTL (time to live) sets how long other servers cache the record; usually you can leave this at the default value (here it is 14400)
  - Type is TXT; if not already correct, change it by clicking the dropdown
  - Record (‘Text’) is where you enter the details provided by your DKIM key provider (see options below)
    - ideally all tags should be provided as one string to copy & paste
    - optional tags may precede the compulsory one, eg.
      - v=DKIM1;
      - k=rsa;
    - compulsory tag:
      - p=PUBLIC KEY (a long alphanumeric string)
  - Check that what you have entered is correct (copy & paste is best)
    - 1 small error can block all your emails
  - Click the Save Record button to complete
Typical example
2 tags in Name — [1] google._domainkey. [2] skylime.co.uk
3 tags in Record — [option] v=DKIM1; [option] k=rsa; [3] p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG/hRlA+1hcecwXwP3aWnUeyRp+z0Ijqa097ntn8qgB/jLTgTUvDU0wKaM4PAfc9SKdLg4cDtAx6QvksijLXL+JDWImglBY8jVDsUQYgsT/ChwHpKDWFtZr4l+uXaEKYcdKAxN3NWFEHY/d/f6ic/p5jDEE7gM5xkGiczm2oNhVQIDAQAB
What does this mean?
| | 1 Selector | 2 Domain | Optional Version | Optional Key Type | 3 Public Key |
| --- | --- | --- | --- | --- | --- |
| Typical example | google._domainkey. | skylime.co.uk | v=DKIM1 | k=rsa | p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG/hRlA+1hcecwXwP3aWnUeyRp+z0Ijqa097ntn8qgB/jLTgTUvDU0wKaM4PAfc9SKdLg4cDtAx6QvksijLXL+JDWImglBY8jVDsUQYgsT/ChwHpKDWFtZr4l+uXaEKYcdKAxN3NWFEHY/d/f6ic/p5jDEE7gM5xkGiczm2oNhVQIDAQAB |
| Options | The Record Name used as a selector with the domain | The Domain Name helps locate the public key | There is no other version at present | The type of cryptographic key used | A random set of upper & lower case letters, numbers & punctuation marks published to DNS as part of the record |
| Examples | 2B8U4DAB93D58YR, default, 20191216210413pm | yourdomain.com, bbc.co.uk | v=DKIM1 | k=rsa, k=ed25519 | p=QC1TaNgLlSyQMNWVLNLvyY/neDgaL2oqQE8T5illKqCgDtFHc8eHVAU+nlcaGmrKmDMw9dbgiGk1ocgZ56NR4ycfUHwQhvQPMUZw0cveel/8EAGoi/UyPmqfcPibytH81NFtTMAxUeM4Op8A6iHkvAMj5qLf4YRNsTkKAV |
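Because 1 small error in the Name or Record field can block all your emails, it helps to check both before saving. The following is an added example, not code from Skylime or any DKIM provider: it checks the Name layout, the tag order and the p= value of the record from the Typical example above, and reports the RSA key size. The function names (`check_dkim_record`, `rsa_bits`) are made up for this illustration.

```python
import base64, binascii, re

# Record taken from the page's "Typical example" (name and p= value).
PAGE_NAME = "google._domainkey.skylime.co.uk"
PAGE_KEY = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG/hRlA+1hcecwXwP3aWnUeyRp+z0Ijq"
            "a097ntn8qgB/jLTgTUvDU0wKaM4PAfc9SKdLg4cDtAx6QvksijLXL+JDWImglBY8jVDsUQ"
            "YgsT/ChwHpKDWFtZr4l+uXaEKYcdKAxN3NWFEHY/d/f6ic/p5jDEE7gM5xkGiczm2oNhVQ"
            "IDAQAB")
NAME_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\._domainkey\.[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\.?$")

def _tlv(buf, pos, want):
    """Read the DER element at pos, check its tag, return (value_start, value_end)."""
    if buf[pos] != want:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(der):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    spki, _ = _tlv(der, 0, 0x30)            # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _tlv(der, spki, 0x30)      # AlgorithmIdentifier, skipped
    bitstr, _ = _tlv(der, alg_end, 0x03)    # BIT STRING wrapping RSAPublicKey
    key, _ = _tlv(der, bitstr + 1, 0x30)    # +1 skips the unused-bits count byte
    n0, n1 = _tlv(der, key, 0x02)           # INTEGER modulus
    return int.from_bytes(der[n0:n1], "big").bit_length()

def check_dkim_record(name, txt):
    """Return (problems, rsa_bits_or_None) for one DKIM TXT record."""
    problems, bits = [], None
    if not NAME_RE.match(name):
        problems.append("Name is not <selector>._domainkey.<domain>")
    pairs = [t.split("=", 1) for t in txt.split(";") if t.strip()]
    if any(len(p) != 2 for p in pairs):
        return problems + ["tag without '='"], None
    tags = [(k.strip(), "".join(v.split())) for k, v in pairs]  # whitespace is not significant
    d = dict(tags)
    if "v" in d and (tags[0][0] != "v" or d["v"] != "DKIM1"):
        problems.append("v= must be the first tag and equal DKIM1")
    if not d.get("p"):
        return problems + ["p= (public key) is missing or empty"], None
    try:
        der = base64.b64decode(d["p"], validate=True)
        if d.get("k", "rsa") == "rsa":      # k= defaults to rsa when omitted
            bits = rsa_bits(der)
    except (binascii.Error, ValueError, IndexError):
        problems.append("p= is not a valid base64 public key")
    return problems, bits
```

For the page's record, `check_dkim_record(PAGE_NAME, "v=DKIM1; k=rsa; p=" + PAGE_KEY)` returns no problems and a 1024-bit RSA key; RFC 8301 recommends signing keys of at least 2048 bits.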