DomainKeys/DKIM

JangoMail fully supports the DomainKeys (DK) and DomainKeys Identified Mail (DKIM) email authentication standards. It's important to have DKIM set up with your own domain you will be using as your From Address, along with an SPF record and custom tracking domain.

What is DomainKeys/DKIM?

DomainKeys and DKIM are two email authentication standards, the former invented by Yahoo!, and the latter a combination of efforts by Yahoo! and Cisco. Both of these standards cryptographically sign an email message using a public/private key mechanism in such a way that a sending server can encrypt a message with a private key and a receiving server can decrypt the message using the public key. This ensures that it has not been tampered with en route to the receiving server and to ensure that it originated from the domain that is claimed in the From Address field.

Email messages that are signed with DomainKeys have a DomainKeys-Signature header in the email message such as:

DomainKey-Signature: a=rsa-sha1; c=nofws; s=jangomail; d=jangomail.com; q=dns; 
h=DKIM-Signature:Subject:Sender:From:Date:To:X-Priority:Content-Transfer-Encoding:MIME-Version:X-Mailer:X-VConfig:Content-Type; 
b=EEuzdikFieudUhYWbTeZKOnL5TwzCqQRG47Qlat3zvE1viBvas0mq9y9REzFoP8riz7U8Nb1tyPi+RIQv8PtDi3hgn
PBFudlRAV3hIffLJrR8MzFG8HGRaDkFgc93Gite7RVZMtqdnswbY9DbO55JtZdXGAjIK4fpqkwUiPecMY=;

Email messages that are signed with DKIM have a DKIM-Signature header in the email message such as:

DKIM-Signature: a=rsa-sha1; q=dns; c=simple/simple; d=jangomail.com;s=jangomail; bh=ZLzcKQojTfKSnBkkh0yGb42XEjo=; 
h=Subject:Sender:From:Date:To:X-Priority:Content-Transfer-Encoding:MIME-Version:X-Mailer:X-VConfig:Content-Type; b=YM8+L1Dw59pY0PP6fI54SPkLI+lRfLVLzkH9lZHeSXWsmLH7Bdv6CwgF6hmYyGEKzNbDe14EBJeT/yUflM5d8Jdu90ed2CkZSLLy
TMiZgdCPMQNXRnWOiGQv0Ngl41GbWuPXA7iT0Zh72C7RGLB6SsjErzd8sNCOH89TtiR0Nvk=;

Since JangoMail supports both DomainKeys and DKIM, email messages signed may have both headers present. The signatures present in the header are based on the email message's From Address and the public key in the From Domain's DNS record. The DomainKeys record for jangomail.com looks like:

jangomail._domainkey.jangomail.com text =

"k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqZ/L9o9Tw1xb0tdsgNzzqmG
Fg8srW3kGkszJfUY502io7Sacpw/37FJLBskdYKshk2Q5OoNwbml1HwXmSsdpK+PYUXYOu7QAof6WE38
kdXpb5mYEOAPXeDPad/cer2C7BggEStbOQj3AOzroqfzCWc2+uIX6M3u/ZQAVbfKU1kwIDAQAB"

Note that this is a TXT record in the DNS settings for jangomail.com. When adding a DomainKeys/DKIM record for a domain, the public key goes into a TXT record for selector._domainkey.DomainName.com. In this example, the selector is "jangomail".

Read on to learn how to use DomainKeys/DKIM when sending from a non-jangomail.com domain.

Setting up DomainKeys/DKIM for your Sending Domain

(Watch Video Here!)

To set up DomainKeys/DKIM on your own domain, you need to do the following steps:

  1. Log into your JangoMail account. (JangoSMTP steps in the account will differ slightly.)
  2. Go to Settings → Sending and Receiving → DomainKeys/DKIM. (JangoSMTP users will find it in Settings under the Advanced JangoSMTP Settings section.)
  3. Click Add New Item.
  4. Add your domain by entering your domain and a selector for your domain and then click Save. A good default is to simply use "jm", though any word such as "jangomail," "jm," "jango," or your single-word username will work. Keep in mind that the selector you choose will correspond to the DNS record you must add for your domain (TXT record for selector._domainkey.yourdomain.com).
  5. A private key has now been created for your domain, but the key pair will be disabled until you add the public key into your DNS server. You must now add the public key to your DNS server. To view the keys, click the View Keys icon next to your domain. A popup will launch showing you the public key, the private key, and the exact DNS TXT record you must add into your DNS server. Contact your DNS server administrator to have the TXT record added for selector._domainkey.yourdomain.com. Ensure that you copy the entire contents of the Value field in the popup window.
  6. Once the DNS record is in place, you must come back to JangoMail to enable the key pair. Go to Settings → Sending and Receiving → DomainKeys/DKIM, and click the Enable icon  next to your domain. Confirm that you want to enable the DomainKey. JangoMail will then verify that your DNS TXT record is in place and correct, and if so, it will enable the key pair. Your email campaigns will now be signed with DomainKeys and DKIM.

    Note: It may take up to 48 hours for the new TXT record to be visible in DNS, so you may nto be able to enable the key right away.

How do I know everything is working?

First, to ensure that your emails are being signed with DomainKeys/DKIM, send yourself a test email message from your account, and then view the full headers of the received message. You should see one of two added headers, a DomainKey-Signature header and another DKIM-Signature header.

Secondly, to test that the signatures are correct, you can do one of several tests:

  1. Send a test email message to an @gmail.com email address. Then login to your GMail account and view the email message. Click on "show details."
  2. Send a test email message to the Sendmail reflector service. Do this by sending an email message to sa-test@sendmail.net. Sendmail will respond immediately with an email message sent back to the From Address of your test message. 

 

Step by step video:

 

 

Read up on our deliverability suggestions.
You can also see these external resources.

 Last Updated: 4.3.15 AH

Have more questions? Submit a request
Powered by Zendesk