How To Setup DKIM in 3 Steps - Set Up DNS & EMail (2023)

Introduction

How to Setup DKIM Keys and DNS Text Record Entry

Name : [Your Selector/Key]._domainkey.YourDomain.com.

Value : v=DKIM1;p=[YourPublicKey]

Selector : Key001

Content

There are three basic steps to setting up dkim for your email services.

First, you generate your keys, which we result in the public key and a private key.

You enter your public key into your DNS servers and your private key into your email server.

Let's start by generating the keys, go over to Google type in DKIM generator at this time.

Right now, port 25 is coming up for number one and then there's also dkim core, which is actually a better generator, but for the purpose of this video, let's use the one that has a more user-friendly interface.

It also allows you to specify your own key, so it's a little bit more preferable when prompted in their generator enter your domain name.

And then this one allows you to specify your own selector key, whereas the other generators sometimes generate them for you, and it's a bit messy and inconvenient.

So I like to specify my own key, so I'm, just gonna put in key 0 1, then you can select your bit rate, which is 124 or 200 for eight generations, when the public and private keys are generated, you're ready for step.

Two, which is entering the public key into your DNS servers in a notepad.

Let's build our DNS text record entry.

This is literally a text record entry type into the DNS server opposed to MX records, see names and the other types of records that you can enter into a DNS.

This one is particularly a text record entry.

You will have that as one of your selections in the text records each consists of a name and a value in this case for the dkim setup, the first part of our name is actually the key or selector that was used when you generated your keys at the generator of your choice.

In this case, I used key 0, 0 1.

It says they say it's selector and but yet it's also the key.

That's a little confusing, sometimes, and then you put that in the first part of your name value, and so it's key dot underscore domain key, and then your domain name followed by a dot and so mine's f0 here and I'll put that in here, and so my name.

The value from my name is key: zero, zero one dot, underscore domain key dot, F 0, dot, net dot, the most important part being the trailing dot at the end of that anytime.

I use this set up without the trailing dot it would fail the DKIM process, and so that is an important part to remember about the name.

The next part is the value which is your public key, and that is preceded by V equals DKIM.

Semicolon P equals your public key.

So, let's grab the pub key that was generated over here.

Do not include the begin or end markups, because in some systems those will be stripped out, but we're talking about a DNS crude text record entry, so we only want to have the value selected there easy way to handle.

That is just to throw it on to a notepad.

Get rid of the carriage returns, select the whole thing, and then it comes after the P equals.

Dns always contains the public information, and so the name value is set here and the actual value is set here, that being your public key and then the selector is not part of the record, but I've added it here.

That's really used later in the process when you're setting up your email server you'll want to know what your selector is, because that is part of the dkm process that I'll demonstrate later on in the video in your email server.

You need to know what your selector is, or it won't match up with your public assignments here, and so that's it for domain the domain text record entry, and now we can go over to our DNS and set this up.

This is my DNS control panel and don't get confused by who you're hosting your DNS with your domain name servers which are connected with your domain.

It doesn't matter if you're hosted at network Solutions, godaddy Namecheap or your private host.

All DNS servers are the same.

Dns entries are a records, see names, MX records and text records and a few others that we don't need to cover they're all.

Basically the same, the interfaces look different, but they will all have a text record entry option and that's what a dkim record is, and so we will select text record entry and then we will go get our name value, which is here, which does not include the word name.

So we're going to copy that and we're going to enter that into the name value.

And then the value of that record is the string that was built out here in your notepad.

The V equals deke.

I am P, equals your private key that will go in the value.

This is basic to all DNS servers.

So if you're having any trouble with it, just contact your host and they'll tell them.

You need to enter a text record and then they'll ask you the name and the value more likely they'll direct you to a control panel, where you can do it on your own I'm.

Going to add this record now, I have a text record value in my DNS.

It's name is the key that we specified and built out in the notepad, and the value is also the same that we built out in the notepad.

Now we're done with the step two which is entering the public keys and the DNS servers.

That step is done now, we're ready for the final step, which is entering the private key into your email server, in my case I'm using HTML server.

So first, let's get our private key and copy that, with the begin, RSA private, key, open and close strings.

So let's copy that and then I'm going to go over to my network server over here on my public internet server, I'm using HTML server, but it doesn't matter which email server you're using as long as it supports dkim, you will have an interface to put your dkim key into and so for this case, I'm just going to drop it in the root of one of the hard drives, create a new text record, just name it DKIM key.

And then I'm just going to paste my private key on there.

Remember, that's the private key that you got over from your generator over here.

That says private key, then I'm just going to exit and save as I'm exiting and then I'll go into my control panel.

Once again, it doesn't matter what email server you're using just get down to your domain or wherever you control dkim for each domain.

That's hosted on that email server in this case, I'm, going to use the example of f0 dkm signing is the tab for HTML server and I'm going to enable that service.

Then it's going to ask me for the private key, and that is the key that I just put on that text record, and so, let's find that DKIM key is what I had just created there.

Previously next is the selector, which is absolutely critical to be accurate on that's why we saved it down here in our notepad and we can simply copy and paste it over into the selector value.

This is also the same as the key that we entered when we were generating our keys over here on port 25 or whatever generator you used.

It is the same as the selector value that is designated here now that you've completed step 3, which is entering your private key and the selector into your email server.

It's time for a real-world test.

The best way to see if your dkm setup is working is to send a real-world email test.

There are third-party tools out there like MX toolbox is an excellent resource, but there's nothing like a real-world test to see.

That's actually working also Gmail in particular, gives you very quick and easy access to see the message header and gives you a clear definition of if the dkim is passing.

Failing, so I've sent myself a test here, just Maclaren test one and then go over here to the right-hand side, where you can select a drop-down menu.

Gmail will extract the header and give you a very clear view of if your DKA setup is passing or failing along with your domain name.

So with a successful test like you just saw, you have now completed your DKIM setup.

If anything went wrong, it is most likely your selector key.

That is where I had the most difficulty, setting this up a trailing dot or not having a trailing dot from some of the generators made.

All the difference of whether the dkim would pass or fail.