Domain Management
      Back to home
      1. Help Center
      2. Portal Guides
      3. Domain Management

      DKIM Configuration Settings & Setup

      Understand your DKIM configuration settings and setup DKIM record delegation to enable management through Sendmarc

      Sections in the article:

       

      To enable management of your DKIM records, you'll first need to add your domain to Sendmarc. Once your domain is added you can enable DKIM Public Key Hosting and setup DNS delegation for your DKIM records.
       

      Setup & Verify DKIM Delegation

       

      If this is your first time editing your domain, it is important to add or import your existing DKIM keys before enabling DNS delegation. DKIM Keys are not automatically imported.

      Steps to follow:

      1. Navigate to Domains in the left navigation bar.


      2. Click on the domain you wish to configure then click Edit. Or click the Pencil Icon of the domain you wish to edit.
         
      3. Click on DKIM Settings to enable DKIM Public Key Hosting. It may take a few minutes to generate the DNS configuration setup instructions, during this time it will be hidden from view.
         
        When enabled you can check whether the correct Public Keys are listed and that the correct settings have been applied, if not you can make necessary adjustments where needed.

          

      4. Expand Your DNS Configuration section to reveal the DNS records required to enable DKIM management for your domain.

         

        The DNS Configuration section will contain:

        • DNS Records - This is the new DNS records to enable DKIM delegation.
        • Verification Status - Indicates the various states of verification with the date and time of that the last validation occurred.

      5. Now add the NS records to your DNS to enable delegation. The process of updating your DNS may differ depending on your hosting provider. Visit the Service Provider Section for more information.
      6. Click Verify to validate your newly added DNS record. It may take some time for the record to reflect, but Sendmarc will continue to attempt verification in the background.
      7. Once your setup has been fully verified you've successfully delegated the management of your DKIM records to the Sendmarc platform. This will be indicated by a green tick.

      Various States of Verification

      • Verified - Matching NS records found and DKIM delegation is enabled
      • Unverified - No Matching NS records found

       

      Sendmarc needs to verify whether your DNS setup contains the valid delegated records before you can start managing your DKIM settings through our platform. The records found inside of your DNS need to be the exact records that were provided in the setup instructions. If correct, your DKIM setup will be set to "verified" and your DKIM settings can be managed through our platform.

      If you have just created a new domain and the verification is failing, please allow the full Time To Live (TTL) of the domain to lapse its configured period and try validation again.

       

      DKIM Configuration Settings

      Configuring DKIM Public Keys

      The list of DKIM Public Keys that appears in the list are generated in one of the following ways:
      1. Manual Import or Re-Import (The import option becomes available when DKIM Public Hosting has been enabled and relies on your reporting data to identify the DKIM keys that are being used. It is best to check your existing DNS to ensure all keys have been setup. This option will be disabled if you've already verified/delegated DKIM setup.)
      2. Manually added and configured by you

      You can click the Pencil icon on each of the public keys to verify settings and update them accordingly.

      To add a new Public Key click ADD A PUBLIC KEY.

       

      For each of the public keys you can specify:
        • Selector
        • Record Type (TXT, CNAME)
        • Value
        • TTL
        • Description - Used for notes

      DKIM Policy

      This record forms part of the original DomainKey specification which has since been made obsolete. Defaults are set that are safe to leave untouched for senders requiring this record to be set.

      Outbound Signing Policy

      Choose whether you would like some or all emails signed.
      • Some Emails Signed - Soft fail if DKIM key is not valid (Unsigned email should be accepted)
      • All Emails Signed - Hard fail if DKIM key is not valid (Unsigned email will not be accepted)

      Testing Mode

      Choose whether you would like DKIM signing in testing mode.
      • Enabled - Passes all DKIM keys even when not valid
      • Disabled - Only passes valid DKIM keys

       

      Need Help?

      support@sendmarc.com is standing by to assist!