Follow

Enable DKIM Signing

DKIM signing will encrypt a digital signature on outgoing emails that recipients can check and verify that emails they are receiving from your domain are indeed from you. This is primarily a method to prevent against malicious third parties spoofing your email addresses, and pretending to be you.

 

The steps to achieve this are:

  1. Creating a key
  2. Adding DNS records
  3. Turning on DKIM signing

 

Creating a Key
 

To create a key, you first need to log into the administrator portal at https://messageprotect.onenet.co.nz/

(if you are unsure how, please see: How do I log in to Message Protect for my company? )

 

In this web portal, follow these steps:

  • Go to 'System Configuration' on the left.
  • Then to 'Domains'.
  • Select the domain you wish to add DKIM for, and then select 'Edit' up the top.
  • Select the 'DKIM' tab along the top.
  • Click 'Add'.
  • Fill out the 'Selector' and 'Key Length' options, and then click 'Generate' up the top.
    • If you are unsure, we usually use 'ON1' as the Selector, and 1024 as the key length which is the most universally compatible.
  • This will give you a 'DNS Name', and a 'DNS Record' to make note of, copy these down.
    • These are fairly public, so do not need to be stored somewhere secure, just somewhere you can grab them for later.
    • Note: The DATA should have no spaces or line breaks, when copying out of the SPE interface you may need to remove line breaks before adding this into DNS.
       
  • Select 'Save' up the top to save your key, and then 'Save' again to save your domain settings and get back to your list of domains.

 

Adding DNS Records
 

Using the DNS Name and DNS record you set up in step 1, add these as a TXT record in the DNS for your domain. As every domain host is different, we can't show you exactly how your domain host interface will look or need to be entered, however it should look like the following.

 

NAME: ON1._domainkey.[domain name] 
RECORD TYPE: TXT
DATA: v=DKIM1;p=[long string of text]

 

After adding this, we recommend verifying this is correct and propagating out. The best way to do this is as follows.

  • Log back into the admin portal from step 1, and go through the same steps until you are on the DKIM tab again. This should look like this:
  • Highlight the key you created (ON1 in the example above) and then select 'Properties'.
  • Check the 'DNS Query' box which will tell you if the system has been able to see the DNS record. A successful result will look like this:
  • If you are having any trouble, feel free to contact our support team for help.

 

Turning on DKIM Signing
 

 

Note: If the above steps have not been carried out successfully, this may cause issues with mail delivery, so if you are unsure at any point please contact our support team for help.

 

  • Log back into the admin portal from step 1, and go through the same steps until you are on the DKIM tab again. This should look like this:
  • Highlight the key you created (ON1 in the example above) and then select 'Toggle Active' to turn this on.
  • Select 'Save' up the top again, to save your changes and take you back to the domains list.
  • If you see a tick in the 'DKIM' column next to your domain in the domains list, then it is now active and will be applied on outbound emails within the next 15 minutes.
  • If you need to turn it off at any point, simply 'Toggle Active' and 'Save' again to disable this

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk