Overview
This article is an overview of DKIM email records and how to manage them at DreamHost.
Background
DKIM is a way of signing emails to prove they came from you. It is a form of email authentication that works via a digital signature and makes it easier to identify spoofed emails. The sending mail server signs the email with the private key, and the receiving mail server uses the public key in the domain's DNS information to verify the signature. One domain can have several DKIM keys publicly listed in DNS, but each matching private key is only on one mail server.
DKIM signing can only be done by the mail server. When you send emails through the mail server using webmail, an email client, or any SMTP form, they are automatically signed.
If your website sends emails and doesn't use SMTP, those emails will not be DKIM signed. To ensure DKIM is used, make sure to enable SMTP authentication whenever sending mail from a website form.
Example of a DKIM record
If you're using a regular DreamHost-hosted mail service, all the pieces used by DKIM are already in place. DreamHost automatically makes the DKIM DNS record for all domains and subdomains that use DreamHost email.
To view your DKIM records, navigate to the Manage Websites page and open the DNS Settings page.
The DreamHost mail server DKIM record will look like this, identifiable by _domainkey in the record and type TXT:
Name | Type | Value |
---|---|---|
dreamhost._domainkey | TXT | k=rsa; t=y; p=qMQDy8aI0BIskx4Mld4UoU7dCtAYy1ksUnCOHhS4Vlw+K1H7LjOAwoz3QuAvgJA8QN09qQNEGkk0/RlzloWBgHcNwsOyJhfmOWLUDRwEzs+SmkvaD/68fPb/CirMRdG4vOeJBT1hvWB1LA7BHBkbSYVwe3nnuLebRnKSoW6ADk+QAaR90uARQEUp6XNB8hVOIfVXSiYFoGICAmUGpGJKkmN1RpE+6CgIOZWGF2Dt74AizO4kmbHAk87+VcLbqx2oeQKfQyAe2PFVQd3RssYx+ywrwsOkAtVcPOlAoMA9AxGezg5rqr9ev0z8pIEK1ONZ3gZld7BEM8EA9Dl9AWG+vhtdDtvxfqocdEPS0PbT1vR5fqAXKX8FYrKQFagdejgKNKsVIEK+ |
FAQs
What is the DKIM key length?
DreamHost supports 2048-bit DKIM keys.
What if my nameservers aren't hosted at DreamHost?
If you're using DreamHost-hosted mail service but not DreamHost's nameservers, you'll need to take the DKIM DNS records from the DreamHost panel and enter them into the system where your domain's DNS is currently managed.
What if my email isn’t hosted at DreamHost?
If you're using another mail provider for your domain's mail service, that mail provider may offer DKIM signing. If you send email through other mail servers, such as a mass-mailing service, those servers may provide DKIM signing too. Contact them to see if they offer DKIM and if they can provide the DNS entries to you. For example:
Be careful when copying and pasting the DNS records into the panel, and make sure that there are no spaces in the key itself. Even though the DNS records will be accepted in the DreamHost panel, your emails will fail the DKIM check if the key contains spaces.
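The check below is an added example, not DreamHost's own tooling. It lints a DKIM TXT value before you paste it into a DNS panel, flagging whitespace inside the key (the failure described above) and keys shorter than the 2048 bits mentioned earlier. The function names and the sample record are made up for this illustration.

```python
import base64
import binascii

def parse_tags(txt):
    """Split a DKIM TXT value ("k=rsa; p=...") into a {tag: value} dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip(): value.strip() for name, value in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo, or None."""
    try:
        t1, body, _ = _tlv(der, 0)        # outer SEQUENCE
        _, _, alg_end = _tlv(der, body)   # AlgorithmIdentifier
        t2, bits, _ = _tlv(der, alg_end)  # BIT STRING wrapping the key
        t3, key, _ = _tlv(der, bits + 1)  # +1 skips the unused-bits byte
        t4, n0, n1 = _tlv(der, key)       # INTEGER modulus
    except IndexError:
        return None
    ok = (t1, t2, t3, t4) == (0x30, 0x03, 0x30, 0x02)
    return int.from_bytes(der[n0:n1], "big").bit_length() if ok else None

def lint_dkim_txt(txt, want_bits=2048):
    """Return a list of problems found in a pasted DKIM TXT value."""
    key = parse_tags(txt).get("p")
    if not key:
        return ["no p= value: not a usable public key record"]
    clean = "".join(key.split())
    problems = ["whitespace inside p= value"] if clean != key else []
    try:
        der = base64.b64decode(clean, validate=True)
    except binascii.Error:
        return problems + ["p= is not valid base64 (truncated paste?)"]
    bits = rsa_modulus_bits(der)
    if bits is None:
        problems.append("p= does not decode to an RSA public key")
    elif bits < want_bits:
        problems.append("key is %d bits, expected %d" % (bits, want_bits))
    return problems

# Constructed sample: a key cut short and split by a stray pasted space.
SAMPLE = "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8A"
print(lint_dkim_txt(SAMPLE))
```

An empty list means the value passed every check.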
How do I add a custom DKIM record?
DKIM records are created by adding a new TXT record in the DreamHost panel.
Can I add multiple DKIM records?
A domain can have as many DKIM public keys as servers that send and sign mail.
There are two types of DKIM DNS records:
- The policy record contains information about the DKIM signing policy and the email address of the postmaster. There should only ever be one of these.
- The DKIM DNS record with a long string of characters is the public signing key. A domain can have as many of these as it has servers with private keys that sign emails. Each of these should have a selector that uniquely identifies it. If there is just one, it may have no selector at all, just _domainkey. Additional records would use selectors to keep them all separated, for example, list._domainkey and bananas._domainkey.
Selectors are how receiving servers know which public key to use for an email and which corresponding private key was used to sign the email. DreamHost recommends that you use the selector suggested by your mail provider or one that is easily identifiable by you. More information about selectors and DKIM DNS records can be found on the following pages:
Can I use DKIM with sendmail and PHP Mail?
DKIM settings are not enabled if you're using sendmail or PHP Mail to send email. This means that if you use a WordPress newsletter plugin that sends email via sendmail or PHP Mail, you have two options for using DKIM:
- Configure WordPress to use SMTP when sending email. Some newsletter and contact form plugins have SMTP built-in, or there are plugins that add SMTP support to WordPress.
- Manually install and configure DKIM. You can install it yourself on your Dedicated Server with an admin user or on DreamCompute. Please note that DreamHost is unable to provide any support regarding manually installed DKIM software.