Description
Many administrators are familiar with SPF as a system to declare and verify who can send emails from a domain. In the fight against spam and phishing, SPF is not enough anymore.
DKIM (DomainKeys Identified Mail) is an email authentication system based on asymmetric cryptographic keys. A sending email server signs the message body and/or headers with a private key. A receiving email server verifies the signature with the matching public key, which the sending domain publishes in DNS, and so detects any change to the signed message fields. Besides verifying the sender's identity, the signature therefore provides data integrity: it shows that the original message arrived intact.
The Shield Activation process provides your DKIM selector1 and selector2 values to copy into your DNS host. Below are step-by-step instructions to add these DKIM values into your DNS host.
Applies to:
Office 365 (O365), Exchange Online, DKIM
Implementing DKIM for Shield
Once Step 4 shows the DKIM values, sign in to the DNS host, create two CNAME records, and copy the values from the Shield Activation page into them.
Copy the Host and Points to address values for selector1 from the Shield Activation page (Figure 1) into a new CNAME record (Figure 2). Then, copy the Host and Points to address values for selector2 from the Shield Activation page (Figure 1) into a second new CNAME record (Figure 3).
Fig 1
Fig 2
NOTE: Ensure that the Host Name is in the format required for the DNS host. For some DNS hosts this value will be exactly what is shown on the Shield Activation page (example: shield1._domainkey.psuccess3.org), while for other hosts the domain name must be removed from the Name (example: shield1._domainkey). Disable Proxy status, ensure that TTL is set to 5 minutes, then save the CNAME record.
Fig 3
NOTE: Ensure that the Host Name is in the format required for the DNS host. For some DNS hosts this value will be exactly what is shown on the Shield Activation page (example: shield2._domainkey.psuccess3.org), while for other hosts the domain name must be removed from the Name (example: shield2._domainkey). Disable Proxy status, ensure that TTL is set to 5 minutes, then save the CNAME record.
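The host-name rule from the two notes above, together with a CNAME check that can be run from a terminal, as an added example that is not part of the Shield documentation. The host and zone are the page's own examples; the function names are hypothetical, and the target passed to cname_matches and check_live stands for the Points to address value shown on the Shield Activation page.

```shell
#!/bin/sh
# Added example, not Shield's own tooling. Function names are hypothetical.

# Lower-case a DNS name and drop one trailing dot so names compare equal.
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Name to type into the DNS host's Name field.
#   fqdn:     host expects the full name shown on the Shield Activation page
#   relative: host appends the zone itself, so the domain must be removed
record_name() {  # record_name HOST ZONE STYLE
    host=$(normalize "$1"); zone=$(normalize "$2")
    case "$3" in
        fqdn)     name=$host ;;
        relative) name=${host%".$zone"} ;;
        *)        return 2 ;;
    esac
    printf '%s\n' "$name"
}

# Name the DNS host ends up publishing for what was typed in.
published_name() {  # published_name ENTERED ZONE STYLE
    entered=$(normalize "$1"); zone=$(normalize "$2")
    case "$3" in
        fqdn)     printf '%s\n' "$entered" ;;
        relative) printf '%s.%s\n' "$entered" "$zone" ;;
        *)        return 2 ;;
    esac
}

# True when a `dig +short CNAME` answer equals the expected target.
# An empty answer means no CNAME is published at the queried name.
cname_matches() {  # cname_matches ANSWER TARGET
    [ -n "$1" ] && [ "$(normalize "$1")" = "$(normalize "$2")" ]
}

# Live lookup (needs network access and dig).
check_live() {  # check_live HOST TARGET
    cname_matches "$(dig +short CNAME "$1")" "$2"
}

HOST=shield1._domainkey.psuccess3.org   # example host from the page
ZONE=psuccess3.org
echo "relative-style host, enter:  $(record_name "$HOST" "$ZONE" relative)"
echo "full name pasted there gives: $(published_name "$HOST" "$ZONE" relative)"
```

If check_live fails for the expected host on a DNS host that appends the domain itself, query the doubled name printed by the last line to confirm that the full name was pasted into the Name field.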
Verify DKIM
After the CNAME records are added to the DNS host, click the Verify button (Figure 4) to test that the DKIM records are correct.
Fig 4
Once verification completes, click Next (Figure 5) to move on to Step 5 - Sender Policy Framework (SPF).
Fig 5
If you receive one of these errors, please follow the suggestions provided:
If you need assistance with this step, please contact the Partner Success team.