
Adding DKIM when sending emails

DKIM can be configured for each application individually or for all applications at once. To configure it for all applications at once, go to the main system configuration; otherwise, configure it in each application's settings. The example here is for a single application.

To configure DKIM, we need to:

  1. Generate a public and private key
  2. Add a DNS record to the domain with a public key
  3. Configure the application to use this key

 

Generate a public and private key

Generating a key is beyond the scope of this article, but you can use a tool such as openssl and run commands such as:

openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout -out public.key

 

Add a DNS record to the domain with a public key

Use the generated public key in your DNS TXT record under your chosen DKIM selector. The default DKIM selector is "base4", but you can choose any other selector yourself. Your DNS record should look something like:

TXT | base4._domainkey.example.com | v=DKIM1; k=rsa; p=MIIBIjANBgkqh4QXDbGU4fZt....jGqlESj6IyHNZsTbeW4wIDAQAB

 

Configure the application to use this key

Go to the application configuration and add a record dkim | private_string and paste the private key in there. This is the only configuration value that is needed!

Optionally you can specify another selector and a passphrase. Instead of pasting the private key as string, you can also specify the file path where the private key is stored (not recommended).

Always test whether the emails arrive, and check their headers to make sure the content is correctly signed, which improves deliverability.
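To rule out a key mismatch before sending test mail, the following added example (not part of the original article or of the product) derives the TXT value from private.key and checks a published record against it. The function names and the script name are assumptions.

```sh
#!/bin/sh
# Added example: helper names are assumptions, not part of the product.

# Print the p= value for a private key file: the public key as
# single-line base64 DER, i.e. public.key without its PEM header/footer.
dkim_p_value() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Print the complete TXT record value for a private key file.
dkim_txt_value() {
    printf 'v=DKIM1; k=rsa; p=%s\n' "$(dkim_p_value "$1")"
}

# Return 0 if TXT value $2 carries the public half of private key $1,
# 1 on mismatch, 2 if the key file could not be read.
# DNS tools print long TXT records as several quoted strings, so quotes
# and whitespace are stripped before the p= tag is compared.
dkim_record_matches() {
    dkim_want=$(dkim_p_value "$1")
    [ -n "$dkim_want" ] || return 2
    dkim_got=$(printf '%s' "$2" | tr -d '" \t\n' | tr ';' '\n' | sed -n 's/^p=//p')
    [ "$dkim_got" = "$dkim_want" ]
}

# Usage (script name is an example):
#   sh dkim-check.sh private.key ['published TXT value']
if [ -n "${1:-}" ]; then
    dkim_txt_value "$1"
    if [ -n "${2:-}" ]; then
        dkim_record_matches "$1" "$2" && echo "record matches key" \
            || echo "record does NOT match key"
    fi
fi
```

The published value to pass as the second argument can be read with `dig +short TXT base4._domainkey.example.com`, replacing the selector and domain with your own.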

 

What could go wrong?

Based on the error message in the received mail's headers, you can determine the source of the problem. If the content does not seem to be signed correctly, a mail server or relaying server may be changing the message while sending it. If the DNS records are incorrectly configured, this is also clearly stated in the error message in the email header.

Also make sure to use correct SPF and DMARC records in your DNS configuration; without them, deliverability will still be low.

 
