Steps to configure DKIM for my domain

DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify the legitimacy of an email's sender. It ensures that messages are not tampered with during transit and helps recipients verify that emails genuinely come from your domain.

DKIM configuration steps may vary depending on the provider, but you can follow these general guidelines for a smooth setup.

1. Check Email Provider’s DKIM Setup Requirements

  • Log in to your email service provider.
  • Locate the DKIM configuration section (you may find configuration instructions in their knowledge base or blog, or you can contact support directly).
  • Note the required values for the DKIM record, such as:
    • Selector (e.g. default or custom name)
    • Public Key (provided by your email provider)

2. Access your DNS and add the DKIM records

  • Locate the DNS zone of the domain
  • Create a new TXT record (it can also be a CNAME record) with the following data obtained from the email provider:
    • Name/Host: <selector>._domainkey.<yourdomain.com>
      Replace <selector> with the value provided by your email provider (e.g., default, selector1) and <yourdomain.com> with your domain name.
    • Value/Content: Copy and paste the DKIM public key provided by your email provider.
      E.g. v=DKIM1; k=rsa; p=PublicKeyHere
    • TTL: Set to the default value.

3. Enable DKIM in your email system

  • Return to the admin console of your email provider
  • Enable/activate DKIM signing (verify) for your domain

4. Test your DKIM configuration

If your email provider or setup doesn't provide specific DKIM instructions, such as when using a dedicated IP, you can manually generate and configure DKIM. Here are the steps:

1.  Use a tool like OpenSSL or EasyDMARC’s DKIM key generator to create a key pair.

  • Public Key: This will be added to your DNS.
  • Private Key: This will be used by your email server to sign outgoing emails.

2.  Publish the DKIM Public key in the DNS

Add a TXT record with the following details:

  • Name/Host: <selector>._domainkey.<yourdomain.com>
    Replace <selector> with the value provided by your email provider (e.g., default) and <yourdomain.com> with your domain name.
  • Value: v=DKIM1; k=rsa; p=<PublicKey>
    Replace <PublicKey> with the content of your public key.
  • TTL: Set to the default value.

3.  Configure the email server

  • Add the private key to your mail server's configuration.
  • Specify the selector and enable DKIM signing for outgoing messages.

For example, in Postfix with OpenDKIM.

4.  Test your DKIM configuration
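
Steps 1 and 2 of the manual setup, shown as an added example (it is not taken from any provider's documentation): the script generates a 2048-bit RSA key pair with OpenSSL and prints the TXT record to publish. The function names, the output file names and the selector and domain arguments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: generate a DKIM key pair and print the TXT record to publish.
# Function names and file names are hypothetical, chosen for this illustration.

# Create a 2048-bit RSA private key (readable only by its owner; it stays on
# the mail server) and derive the matching public key in PEM form.
dkim_generate_keys() {
    priv=$1 pub=$2
    ( umask 077 && openssl genrsa -out "$priv" 2048 ) || return 1
    openssl rsa -in "$priv" -pubout -out "$pub"
}

# Strip the PEM header/footer and line breaks: what remains is the base64
# string that goes after p= in the record.
dkim_p_value() {
    grep -v '^-----' "$1" | tr -d ' \r\n'
}

# Build the zone-file line. A single DNS TXT string holds at most 255 bytes
# and a 2048-bit key is longer than that, so the value is split into several
# quoted strings, which resolvers join back together without separators.
dkim_txt_record() {
    selector=$1 domain=$2 pub=$3
    value="v=DKIM1; k=rsa; p=$(dkim_p_value "$pub")"
    chunks=$(printf '%s\n' "$value" | fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey.%s. IN TXT ( %s)\n' "$selector" "$domain" "$chunks"
}

# Usage: sh dkim-setup.sh <selector> <yourdomain.com>
if [ "$#" -eq 2 ]; then
    dkim_generate_keys "$1.private" "$1.public.pem" || exit 1
    dkim_txt_record "$1" "$2" "$1.public.pem"
fi
```

If your DNS provider's web form takes a single value field, paste the unsplit string (v=DKIM1; k=rsa; p= followed by the output of dkim_p_value); most panels split long values automatically.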

Configuring DKIM is a vital step in protecting your domain's reputation and ensuring email security. Whether you're guided by your email provider’s instructions or manually setting it up for a dedicated IP, the process strengthens your defences against email spoofing and enhances your deliverability.

Don’t forget to test your setup and regularly monitor your email authentication settings to keep your domain secure and trusted.