How to Secure Your Email and Keep it Out of Junk! Part 2
PART 2 – DKIM
Currently, the three protocols you need to put into place to secure and authorize your email are SPF, DMARC and DKIM. This post covers creating a DKIM record. DKIM stands for DomainKeys Identified Mail and is somewhat more involved and challenging to implement than SPF. Beyond adding a DNS record, DKIM also requires your outgoing email servers to be authorized.
DKIM requires a DNS record that contains a public cryptographic key, which helps verify that a sender is allowed to send email for a given domain, as well as a matching private key that is used for signing outgoing email. Adding a DKIM entry for a domain is basically the same as adding the SPF record: add a new TXT record, but for the host name option you will need to use the proper “selector”, which is basically a prefix for your domain, and then supply the public cryptographic key. There are lots of ways to generate a proper key: on a Linux system, the ssh-keygen tool can be used, and on a Microsoft system, PuTTYgen can be used. For a Microsoft 365 hosted domain, double-check the Admin portal, as it will give you instructions on setting up the selectors properly. You can also search online for tools that will generate the proper public/private key pair. A sample DKIM entry may look something like the following:
TXT Record .dmarc._domainkey.dmarc.site v=DKIM1; t=s; p=ASDJAQWERTSDNGFDSJKassdalkre
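Before a record like this is published, its value can be checked offline. The Python below is an added example, not part of the original post: it parses the tag list and confirms that p= decodes to an RSA public key of at least 1024 bits. The function names and the 1024-bit floor (the RFC 8301 minimum for verifiers) are this example's assumptions, and only RSA keys are inspected.

```python
import base64

def _tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def rsa_modulus_bits(der):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo blob."""
    t0, start, _ = _tlv(der, 0)           # outer SEQUENCE
    _, _, alg_end = _tlv(der, start)      # AlgorithmIdentifier, skipped
    t1, bits, _ = _tlv(der, alg_end)      # BIT STRING wrapping the RSA key
    _, seq, _ = _tlv(der, bits + 1)       # skip the unused-bits byte
    t2, n0, n1 = _tlv(der, seq)           # INTEGER modulus
    if (t0, t1, t2) != (0x30, 0x03, 0x02):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(der[n0:n1], "big").bit_length()

def parse_tags(txt):
    """Split 'tag=value; tag=value' into a dict, dropping folding whitespace."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def check_dkim_record(txt, min_bits=1024):
    """Return a list of problems found in a DKIM TXT record value."""
    tags, problems = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        return problems  # only RSA keys are inspected here
    if not tags.get("p"):
        return problems + ["p= is missing or empty (empty p= means revoked)"]
    try:
        size = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
        if size < min_bits:
            problems.append(f"p= holds a {size}-bit RSA key; minimum is {min_bits}")
    except (ValueError, IndexError):  # bad base64 or not a public key
        problems.append("p= does not decode to an RSA public key")
    return problems

if __name__ == "__main__":
    # Record value from the sample entry above; its p= is a placeholder string.
    print(check_dkim_record("v=DKIM1; t=s; p=ASDJAQWERTSDNGFDSJKassdalkre"))
```

Run as a script, it reports that the sample's placeholder p= value is not a public key; a record carrying your real key should return an empty list.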
But that only covers the DNS portion of the DKIM setup. The other half is getting a DKIM signer set up on a mail server. This is where we recommend using Microsoft 365 to host your email, as you can follow their detailed guide to get this implemented.
Once you have all of the records in place, head on over to https://appmaildev.com and just follow the instructions to test your records.