help-header

How to Configure DKIM Record in ArvanCloud User Panel

 

DKIM or DomainKeys Identified Mail is an Email authentication standard supported by leading companies like Google, Yahoo, etc. It validates emails with the help of Public Key Infrastructure (PKI). DKIM provides a digitally signed authentication method to sign an email cryptographically, and this signature is placed on the email's header.

What Is the Difference Between DKIM and SPF?

On the one hand, the Sender Policy Framework (SPF) mechanism provides a list of authorized IP addresses and hosts allowed to send emails from a specific domain (Authentication). On the other hand, the DKIM mechanism adds a cryptographic digital signature to the email header to authenticate the sender's identity. (Identification)

Sometimes servers by interfering in the sending process (from source to destination), prevent some part of an email from being sent. This will fail the SPF mechanism. Nevertheless, the DKIM digital signature on the email header will act successfully in the same cases.

Please note that if only the SPF record is defined for the domain, the destination server will consider it a spam.

DKIM Function Explained

The singing server, which has active DKIM, creates the private/public key pair and publishes the public key via the DKIM record.

While sending an email, this server selects the header, some parts of the body and computes their hash values. Then it will encrypt the hash value with a private key (Singing). This encrypted value is called a signature. Finally, it will add this signature to the email in a DKIM-Signature header format and send it.

Once the verification server receives the signed email, first, it looks for DKIM-signature in the email header. If this field is included, it goes for the DNS server and decrypts the email with a DKIM record. 

If this process was completed successfully, the server accepts the email; otherwise, it will be considered spam.

DKIM Record's Format

DKIM record is a .txt string as below:

The text string mentioned above can include some of the following tags:

  • v: it defines the version of the DKIM protocol. The only version of this protocol is DKIMv1.
  • h: it defines a list of headers that will be used to create the hash.
  • q: it defines the default query methods.
  • l: it defines the body length limit.
  • k: it defines a list of mechanisms used to decrypt the DKIM signature.
  • p: it defines the public key.

Setting a DKIM Record in ArvanCloud Panel

To set up the DKIM record for your domain, follow this instruction:

  • Go to: ArvanCloud User Panel > Cloud DNS > Record Management
  • On DNS settings, enter TXT on Type and @ on Name boxes (This name points out to your domain).
  • Click on the Value box.
  • In the pop-up window, enter the DKIM record value you received from your email service provider (like Mailgun or G suite).
  • Click on the Save button.
  • On the TTL box, enter your intended period, and click on + to add.

A Practical Application: Sending Email from Mailgun.org

Once the domain is registered in the mailgun.org email service, the DKIM record value will be given to you.

All you need to do is to enter this in the Value box of the DNS settings. Read the mailgun.org guide for more information.