How to set up a DKIM Record
Before creating the DKIM record for your domain, it is important to find out what the server address for the mail service to be authorized (which is going to be permitted to send emails on your behalf).
Overview
- Order the public domain key for your domain.
- Add the key to your domain's DNS record so recipients can retrieve it for reading the DKIM header.
- Tell SuperOffice DKIM is set up - to turn on email signing to begin adding the DKIM header to outgoing mail messages.
In this tutorial, the record will be set up for Google Apps. We will use:
- Mailgun as our mail service (the email service to use to send the email - permitted to send email on behalf of your domain).
- Google Workspace domain email address to "send as" (your 'domain' as the sending email, in other words, what you see in 'from' address in your mailings and email).
Note
This Google account's domain is hosted by Enom. Your domain settings and DNS may differ. Please contact your DNS support team for assistance.
Learn more about DKIM on DNS.
Order a DKIM for your domain name
To be able to create a DKIM for your domain name, we need to know your domain name. To make sure no one else, besides your company orders a DKIM key for your domain name, we need to make sure you are the owner of this domain name.
- Fill out this form and submit it: DKIM ORDER FORM.
- We will reply with the DKIM to the submitted email address.
- You will now need to add this DKIM to your DNS, see next step.
Open the domain settings for the Google domain
Log in to Google with your Google Administrators account, and open your Google Admin section.
Open Domains.
- The icon for opening Domains may be hidden by default and is then found under More controls.
Under Domains, open Add/remove domains.
Click Advanced DNS settings to see your details.
Click Sign in to DNS console to open the DNS console window. You may have to sign into this DNS console with a separate DNS account.
Add the DKIM record
Go to Host Records in the DNS console. The existing records for your Google account are there by default.
We want to add the DKIM record from Mailgun. Click Add New to add the new DKIM record.
- Add "Host name" value ("xxx._domainkey.[yourdomainName]") you received from us.
- Add "Address" value ("k=rsa; p=XXX..") you received from us (see note below)
- Choose "txt" as record type
Note
Some DNS servers may require "version of DKIM". If you are sure your DNS needs it, add it by adding "v=DKIM1; " in front of the key. Example: "k=rsa; p=XXX..." --> "v=DKIM1; k=rsa; p=XXX..."
We also need to add an SPF record that identifies which mail servers are permitted to send an email on behalf of your domain and/or can't send on behalf of your domain. In this case (using DKIM) we need to add 'inlude:mailgun.org ~all' to be able to send and receive emails. Read this article on how to update the spf record.
Click Save to update the information.
Note
Once you’ve added the records and they’ve propagated, it can take 24-48 hours for DNS changes to propagate.
Test a new DKIM record
Use a tool to make sure the DKIM is propagated. Via CMD:
Open Windows Command Prompt: Press Win+R, type
CMD, and click OK.Type
nslookupand press Enter.Type
set type=txtand press Enter.Type:
xxx._domainkey.yourdomainNameand press Enter.
If your key is deployed successfully, it should return your key.
There are several tools online to use - to test your DKIM record.
Here, we have used MX Toolbox. "DKIM Record Lookup"
Open the DKIM tool:
Add your domain name and "DKIM Selector" you received from us, and click DKIM Lookup.
The result should show the values of your public DKIM key data:
Verify back to SuperOffice
Once the DKIM DNS record has been propagated and it tests OK, SuperOffice needs to be informed, so the new DKIM can be activated and used (signing your outgoing emails). Send your confirmation as a reply to the mail you received for the DKIM order. This activation may take a couple of days.