Optional background: What is DKIM?
Authenticate lets you add, view, and remove DKIM keys for different senders.
Managing DKIM Keys
DKIM keys are associated with senders.
Find the sender you want to manage keys for on the Domain dashboard.
Click on the sender to see more details.
On the sender's detail page, look for a 'Configuration' section, which should include DKIM.
If the sender supports sending with DKIM keys in an aligned manner (required for DMARC), then a section on DKIM will show here, including a list of relevant keys.
Adding a DKIM Key
To add a key, click 'Add DKIM Key' and complete the short form.
Domain will be pre-populated with our best guess, but you can change it to a subdomain if instructed to, like "mail.acme.com" or "1234.mydomain.com"
Selector is like the name for a key and is usually very short like "k1" or "20200816"
Type means whether the key you want to add is a TXT record, with a long string of seemingly random characters, or a CNAME record, which looks like a url.
If you select TXT, Public Key is the specific record value
If you select CNAME, CNAME is the url target where the key can be found.
Advanced Options are rarely necessary but allow you
- To mark a key as "new" to help you track how old your keys are. (Most imported keys are of unknown age.)
- To require a key to use "simple" mode, which makes authentication more difficult and we do not recommend.
- To omit the version number at the beginning of the record. The only reason to do this is to support services that try to validate DKIM keys but don't accept the v=DKIM for validation.
Sample TXT key Record Name: abc._domainkey.yourdomain.com The part in front of ._domainkey is the SELECTOR After ._domainkey you have the domain or subdomain that owns the record. Record Type: TXT Record Value: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8XzjQk7VuhGE+u6hGVVgJ75C4heUBOVJ/EW+KYjVut36h0NnGWxwLi+G6Twm1jpKnUuyTM4/cvPh1POJt8feYLRkbBRBEsgDgP5gnkNWpK1REp730dDYYEZyF6rwPEAJulx3yEONh81xsi6bWP4RcSl+enVEIKEPK93syZ2ZPrQIDAQAB"
Sample CNAME key Record Name: abc._domainkey.yourdomain.com The part in front of ._domainkey is the SELECTOR After ._domainkey you have the domain or subdomain that owns the record. Record Type: CNAME Record Value: selector2-yourdomain._domainkey.thirdpartyserver.com
View a Key
The configuration panel for DKIM will show all keys this sender can use to sign emails. Here you will also see if your keys are failing, unaligned, or encountering another problem. You can see all DKIM keys associated with this service across subdomains.
To see more about a specific key stored in Authenticate, click on the selector pill for that key.
Here you can see specific details about the key, for when you need to go on a real deep dive.
Deleting a Key
Deleting a key is straightforward. You will not be able to restore the key easily if you make a mistake, so consider copying down information on the key if you are not completely sure about this. Then you can Add a new key with the old information and everything will work again.
To remove a key, navigate to a sender's detail page.
View the key as described above.
Click the trash can icon in the upper right and then confirm you choice. The key is now gone.