The Domain Keys Identified Mail (DKIM) standard ensures outgoing emails for order notifications from the BRIKL platform are sent from your domain. DKIM uses “public key cryptography” to verify that an email message was sent from your authorized mail server.
Enhance security for outgoing email (DKIM)
The Domain Keys Identified Mail (DKIM) standard helps prevent spoofing on outgoing messages sent from your domain.
Email spoofing is when the content of emails are changed to make the messages appear from someone or somewhere other than the actual source. Spoofing is an unauthorized usage of an email. To prevent, some email servers require DKIM to avoid email spoofing.
DKIM encrypted signature protects the header of all outgoing messages. Email servers that get signed messages use DKIM to decrypt the message header, and verify the message was not fraudulently changed after it was sent.
How to setup DKIM for GMAIL
- Step 1 - Generate the domain key for your domain.
- Step 2 - Add the public key to your domain's DNS records. Email servers can use this key to verify your messages' DKIM signatures.
- Step 3 - Turn on DKIM signing to start adding a DKIM signature to all outgoing messages.
Generate A DKIM Key For Your Domain
Generate the domain key for outgoing email
We will be using the DKIM from G Suite as an example. If you are using another provider, the steps might differ slightly.
From your G Suite Admin console Home page, go to Apps > G Suite > Gmail.
Click Authenticate email.
Your primary domain will be selected by default. Click your primary domain name and select all other domains where you will want to use DKIM.
Click Generate new record
Select DKIM key bit length. If your domain host supports 2048-bit keys, we would recommend using 2048-bit as they will be more secure. If you previously used a 1024-bit key, there will be no impact when switching to a 2048-bit key.
If your domain host doesn't support 2048-bit keys, you can change the key length to 1024.Domain keys include a text string called the prefix selector which you can modify. The default prefix selector for the Gmail domain key is google. Change the prefix only if your domain already uses a DKIM key with the prefix selector google.
Click Generate.Use the text at TXT record value to update the DNS record at your domain host. Remote mail servers can get this public key from the DNS record and use it to confirm your messages from your domain.
DKIM for multiple domains
If you're setting up DKIM for more than one domain, repeat Steps 4–6 to get a DKIM key for each domain.
Add The Domain Key To Your Domain's DNS Records
For below steps, use the DKIM domain key you generated in the Admin console.
Important: If you have more than one domain, complete these steps for each domain. Use a unique DKIM key for each domain.
Sign in to the management console for your domain host.
Locate the page where you update DNS records.Subdomains: If your domain host doesn't support updating subdomain DNS records, add the record to the parent domain.
Add a TXT record:Note: If your domain provider limits the length of TXT records, go to Domain keys and TXT record limits.
- In the first field, enter the text displayed in the Admin console under DNS Host name (TXT record name).
- In the second field, enter the text string displayed in the Admin console under TXT record value.
Save your changes.
Turn On DKIM Signing
From your Admin console Home page, go to Apps > G Suite > Gmail.
Click Authenticate email.
Select the domain where you want to start email signing. The page shows the status of email signing for the selected domain.
Click Start authentication.
To verify that DKIM signing is active, send an email message to someone who is using Gmail or G Suite. You can't do this test by sending a message to yourself.
Open the message in the recipient's inbox.
Next to Reply, click More ( the three vertical dots ) click Show original.The entire message header displays.
In the message header, the line starting with DKIM-Signature confirms that DKIM signing is on. See this example, where d is the sending domain and s is the signing domain:DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=google;
How To Setup DKIM For Other Email Hosting Providers
Please contact BRIKL support for more information