DKIM

DomainKeys Identified Mail (DKIM) is a method for reducing fraudulent email. The goal is to make it harder for a spammer or identity thief to send an email claiming to be from your email address. It works by digitally signing all outgoing email in a way that the receiving email server can verify. DKIM-signed messages have the added benefit of increasing the likelihood that your email will land in the recipient's inbox instead of their junk mail folder, since major email providers seem to favor DKIM-signed messages.

How can I get it?

By default, all domain names that are managed by May First and configured to use May First for sending email should have DKIM signing set up already.

You can check by going to the DKIM Checker. Enter mayfirst1 for the "Selector" and enter your domain in the "Domain to verify" field. You should get a response like this one if DKIM is properly enabled:

Once you have a working DKIM record, you should be able to send yourself a message and then examine the full headers of the message (depending on your email program, look for the option to "view the source" or "view the original message"). Among all the headers you should see something like this:

 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mayfirst.org;
   s=mayfirst1; t=1653001894;
   bh=hCGTb6HAPeFctp9Kbk84eOzjDVPJlAPmqXyyusuMGs0=;
   h=Date:To:References:From:Subject:In-Reply-To:From;
   b=P4ICdzIYw7DpRDpxzqu7jOyoSHFQrdbBVG5Lf3KbcnE+3ujqb5sHnrK3YDalw6Ocs
   m+gZnUfg3kx4v++FIWIcT6CLY0I/srbi6IlV8hNeDVPkEPzFLVGUuSolNmR9CNCeus
   rcls0BrUxb2kqbQJ1xVvK25l3Vxt/wrPZryFzLhfy7s8nE6GYFOUjFGr5AOxz6HdHl
   pYvODVUBBivo9BICGEu0Myd4sdQ75YbjGqSro5GTQJgAXpyYthYdXA2UkGYQuxilp/
   fu18/N9lB+2UjWaOkwKn/n0NxK6W+F8BggS+V9gzTaOa7aP1Cg+AJQECPYsv8X1Kgx
   2pwZmEIJvWY7w==

This header is hidden from the user's view, but the receiving email server examines it carefully to verify the authenticity of the message.
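The header inspection described above can be scripted. The following Python is an added example, not part of the original page or May First's tooling: it unfolds a DKIM-Signature header, checks the fields a sender would want to confirm, and returns the DNS name where the receiving server looks up the public key. It does not verify the cryptographic signature; the sample header is constructed, with dummy `bh=` and `b=` values, and the function names are hypothetical.

```python
import re

REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # mandatory tags, RFC 6376 section 3.5

# Constructed sample modelled on the header above; bh= and b= are dummy values.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mayfirst.org;\r\n"
    "   s=mayfirst1; t=1653001894;\r\n"
    "   bh=Y29uc3RydWN0ZWQgYm9keSBoYXNo;\r\n"
    "   h=Date:To:References:From:Subject:In-Reply-To:From;\r\n"
    "   b=Y29uc3RydWN0ZWQgc2lnbmF0\r\n"
    "   dXJlIHZhbHVl\r\n"
)


def parse_dkim_signature(header):
    """Unfold a DKIM-Signature header and return its tag=value pairs."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    value = re.sub(r"\r?\n(?=[ \t])", "", value)  # undo header folding
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # trailing ';' or blank segment
        key, sep, val = item.partition("=")
        key = key.strip()
        if not sep or key in tags:
            raise ValueError("malformed or duplicate tag: %r" % item.strip())
        # Whitespace inside the base64 tags is only folding, so drop it.
        tags[key] = re.sub(r"\s+", "", val) if key in ("b", "bh") else val.strip()
    return tags


def check_signature(header, from_domain, selector="mayfirst1"):
    """Return (list of problems, DNS name that holds the public key)."""
    tags = parse_dkim_signature(header)
    problems = ["missing tag " + t for t in REQUIRED if t not in tags]
    if tags.get("a", "").lower().endswith("-sha1"):
        problems.append("a= uses SHA-1, which RFC 8301 forbids")
    if tags.get("d", "").lower() != from_domain.lower():
        problems.append("d= does not match the From domain")
    if tags.get("s") != selector:
        problems.append("s= is not the expected selector")
    signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
    if "from" not in signed:
        problems.append("From header is not covered by h=")
    return problems, "%s._domainkey.%s" % (tags.get("s"), tags.get("d"))
```

An empty problem list means the header names your domain and the expected selector; whether the signature itself validates is reported separately by the receiving server.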

Adding via the Control Panel

If you don't have a DKIM record on your domain, you can add one by logging into the control panel.

Then, click the DNS tab on the left-hand side. You should see your domain name records listed.

Click the "Add a new item" button to create a new DNS record and fill it out like the following:

Instead of "mayfirst.org", enter your domain name.

What if my domain name is handled by a different DNS provider?

You can still use May First to sign your emails! But it's a bit more complicated. In the instructions below, carefully note where some entries contain a period, and others do not, where one might be expected. Be sure to follow the pattern exactly.

  1. Create a CNAME record at your DNS provider that links to a specially named mayfirst.info subdomain name. Using the demonstration domain example.org: at your DNS provider create a CNAME record that links mayfirst1._domainkey.example.org to mayfirst1._domainkey.exampleorg.mayfirst.info. If your DNS provider has a "Proxy" option for DNS entries (such as on Cloudflare), you must leave this option set to off (possibly labelled "disabled" or "bypass").
  2. Create a DKIM record in the DNS section of your May First control panel. However, in the "Fully Qualified Domain Name" field enter exampleorg.mayfirst.info, and in the "Signing Domain" field enter example.org.

Be sure to substitute example.org with your actual domain name in both steps.

Last modified on Jul 8, 2022, 1:23:19 AM
