DKIM/DomainKeys overview

Only Administrators with the Edit Global Email Settings permission can set up and edit DKIM/DomainKeys.

For information about permissions, see Changing User Permissions.

For information about setting up DKIM/DomainKeys in Aurea Campaign Manager, see Setting Up and Using DKIM/DomainKeys in Aurea Campaign Manager.

For information about setting up DKIM/DomainKeys in EmailLabs, see Setting Up and Using DKIM/DomainKeys in EmailLabs.

What is DKIM/DomainKeys?

  • DomainKeys is an email authentication system that email providers use to verify that a message came from you and was not altered by anyone along the way.
  • DKIM is very similar in functionality to DomainKeys, with enhancements that provide more flexibility and security.

Aurea Campaign Manager uses both DomainKeys and DKIM for compatibility with more email systems.

Why use DKIM/DomainKeys?

Using DKIM/DomainKeys is one of several ways to ensure that your messages are delivered to recipients' in boxes and to reduce the chance that someone will impersonate your domain and use it for fraudulent purposes, such as spam and phishing attacksAn identity theft scam in which a sender impersonates another company to acquire sensitive information such as usernames, passwords and credit card details..

How does DKIM/DomainKeys work?

DKIM/DomainKeys uses a digital signature to identify and verify your domain. To accomplish this, DKIM/DomainKeys creates a private key for signing messages and a matching public key for verifying that signature. The private key is stored in your outbound email server, and the public key is published in Domain Name Server (DNS)Translates a domain name into an IP address. .

When you send a message, your email system:

  1. Creates the private/public key pair.
  2. Assigns the key pair to a selectorThe name of the key pair..
TIP

For more information about selectors, see What are selectors?.

  1. Uses the private key to generate a digital signature for the message.
  2. Creates the DomainKey-Signature headerInformation that travels with every email, containing details about the sender, route, and receiver. and adds the signature to that header.
  3. Sends the message to the recipient's email system.

The receiving email system:

  1. Retrieves the public key from DNS.
  2. Verifies that the signature was generated by the matching private key.

If the keys match, the messages passes the signature test. This proves that the email was truly sent from your domain and wasn't altered along the way. After the message passes the signature test, and if other anti-spam tests don't catch it, the email system delivers the message the recipient's inbox. If the message fails the signature test, the email system can drop, flag, or quarantine the message.

What are selectors?

A selector is the name of the public/private key pair used to sign messages. You can create several selectors for each domain, but your email system will use only one of them, called the master selector, to sign messages.

Why Use Multiple Selectors?

For security reasons, you might want to periodically change your selector, similar to the way you periodically change your passwords. However, if you remove a selector and create a new one, messages that use the existing selector will fail the signature test. For example:

  • You use the s2017a selector for messages you send in 2017. On January 1, 2018, you create a new selector, s2018b for messages you send in 2018.
  • You send a message on December 31, 2017, but some recipients might open the message after January 1, 2018. If you remove the s2017a selector, the email system will no longer consider s2017a a valid key and the message will fail the signature test. However, if you keep the s2017a selector and set the s2018b as master, messages with both s2017a and s2018b selectors will pass the signature test.

Setting up DKIM/DomainKeys

If you are using the default Aurea Campaign Manager address (for example, reply-xxx@lyris5.com), your messages are automatically signed with DKIM/DomainKeys and you do not need to do anything.

If you are using your own address (for example, newsletter@yourdomain.com) or an address set up with domain masking (for example, reply-xxx@email.yourdomain.com), you need to set up DKIM/DomainKeys for each domain. When you select a domain, Aurea Campaign Manager creates the public/private key pair and a selector. You then need to publish the selector to DNS.

TIP

For instructions on setting up DKIM/DomainKeys, see Setting Up and Using DKIM/DomainKeys in Aurea Campaign Manager.