Setting up DKIM

    Introduction

    Start here if you want to know more about how SPF, DKIM and DMARC work together.

    DKIM increases security by adding a signature to sent emails that the recipient can subsequently validate. The validation happens through a DKIM record in the associated domain's DNS. DKIM must be set up individually on every domain where you want to use it.

    Setting up DKIM

    Log in to your DNS manager and add a new record of type "CNAME". Insert the following values (where "(domain)" is replaced with your domain name):

    • Type: CNAME
    • Hostname: webshop._domainkey.(domain)
    • TTL: 3600
    • Text: dkim.shopfactory.io

    Your record should look like this in the DNS manager (with your domain instead of "(domain)"):

    webshop._domainkey.(domain)    CNAME    3600    dkim.shopfactory.io
    

    Note: The above DKIM-record is used exclusively for our shop system, where we take care of signing the outgoing email. Any other email sent needs to be DKIM-signed separately, and the necessary DNS-record needs to be set up separately as well.

    What does DKIM mean?

    The abbreviation stands for “DomainKeys Identified Mail” (DKIM). It is a security mechanism that lets the recipient verify emails from a sender. In practice, all emails sent from the domain in question are signed with a private key (this is done on the mail server). The signing is set up with a key and a selector (in this case "webshop") that must match the setup in the DNS. The private key has a corresponding public key published in the domain's DNS, and the recipient uses that public key to verify the signature and confirm that the signed content has not been changed. You can find the specification here.
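
    How the selector ties a signed email to the DNS record set up above, as an added example (not code from the shop system): it derives the name a verifier looks up from the DKIM-Signature header and follows the CNAME to the key record. The sample message, the example.com domain and the TXT record contents are constructed placeholders.

```python
import email

# Constructed sample message; header values are placeholders, not a real signature.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    " s=webshop; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: shop@example.com\r\nTo: customer@example.net\r\n"
    "Subject: Order confirmation\r\n\r\nThank you for your order.\r\n"
)

# Constructed zone data standing in for real DNS answers (TXT content is assumed).
ZONE = {
    ("webshop._domainkey.example.com", "CNAME"): "dkim.shopfactory.io.",
    ("dkim.shopfactory.io", "TXT"): "v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY",
}

def parse_tags(value):
    """Split a 'tag=value; tag=value' list (DKIM-Signature header or key record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())  # drop folding whitespace
    return tags

def key_record_name(raw_message):
    """Return the DNS name a verifier queries: <selector>._domainkey.<domain>."""
    sig = email.message_from_string(raw_message)["DKIM-Signature"]
    if sig is None:
        raise ValueError("message is not DKIM-signed")
    tags = parse_tags(sig)
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def resolve_key(name, zone, max_hops=5):
    """Follow CNAMEs in `zone` to the TXT key record; return its tags or None."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):
        if (name, "TXT") in zone:
            tags = parse_tags(zone[(name, "TXT")])
            return tags if tags.get("p") else None  # empty p= means a revoked key
        target = zone.get((name, "CNAME"))
        if target is None:
            return None  # record missing: the verifier cannot find the key
        name = target.rstrip(".").lower()
    return None  # CNAME chain too long or looping

if __name__ == "__main__":
    name = key_record_name(SAMPLE)
    print(name, "->", resolve_key(name, ZONE))
```

    A result of None for your own domain usually means the CNAME is missing or was saved under the wrong hostname, for example with the domain name appended twice by the DNS manager.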

    Useful links