DKIM DomainKeys Identified Mail
DKIM is a method enabling your receivers to make sure the message they received is coming from your own domain name.
Since AcyMailing 1.7.0, we propose in our commercial versions a way to sign your messages using DKIM (AcyMailing will add a DKIM signature to each message).
If your mail server already handles a DKIM signature or if there is a way to enable this DKIM signature on your server without using the AcyMailing one, then you should NOT use the AcyMailing DKIM signature but configure the one you have on your server.
Cpanel, Plesk, Sendmail, Postfix, QMail will enable you to handle a DKIM signature automatically.
The same way, if you already use an SMTP server which handles DKIM, you should not enable the AcyMailing DKIM signature.
First of all, you will have to generate a public key and a private key.
The private key will be then added to AcyMailing and the public key will be added to your DNS records.
When you send an e-mail, AcyMailing will encode the message using the private key which can be decoded using the public key (publicly visible on your DNS).
Since AcyMailing 4.1.0, we automatically generate keys during the install process so the only thing you have to do is to add a TXT entry on your DNS with the Key/Value specified on the AcyMailing configuration page.
AcyMailing will automatically use your domain name to create the DKIM. So you should not change the default value displayed in the domain field (it should be your own domain).
You should now add the generated DNS record on your own DNS via your hosting company interface.
Don't forget to increment the number of your DNS zone and to make sure the changes are applied.
If you don't know how to do that, please ask your hosting company to add the provided DNS record.
You may be able to access this kind of interface in which case you should fill each field separately:
- On DirectAdmin, you should insert your DNS entry on the "TXT" line and then click on the button "Add".
You should not use the "add a DKIM entry" interface on OVH but rather add a simple TXT entry:
- Click on "Domain & DNS" then "Zone DNS"
- Add a record "Type TXT"
- Enter the generated entry
- Login to your GoDaddy Control Panel, select your domain and access your Settings -> DNS Manager
- Scroll down to the TXT (Text) area of your DNS and add a new key with
- Host : acy._domainkey
- TXT Value : v=DKIM;k=rsa;g=*;s=email...
- Then click on the button "Save Zone File" to apply your newly created entry
Before even trying to send an e-mail, you should make sure your DNS record has been added properly to your website.
Please use the tool at http://dkimcore.org/tools/keycheck.html to check it.
By default, AcyMailing use "acy" as selector.
If the previous service returns a success status and you saved your AcyMailing configuration with the DKIM parameters, then your e-mails will be automatically signed!
GMail recently modified its DKIM verification and will consider a 512bit DKIM key as unsecured.
We added this extra test on our spam test tool and you may see the message "Your DKIM key is not strong enough" in which case you should re-generate your keys.
To re-generate your keys with the latest version of AcyMailing, you should:
- Access the AcyMailing configuration page, check the "Let me enter my own keys" box.
- Click on the button "Apply" to save the configuration.
- You will now see your keys and you should delete both the public and private keys (select the text inside these areas and delete it).
- Click on the button "Save" to save the configuration.
- AcyMailing will now re-generate your keys with 1024bits.
- Click again on the save button.
- Your new keys are now saved and you should now modify your TXT record on your DNS to add the new value.
It takes a few hours for your new DNS entry to be fully propagated... Each time you modify your DNS please wait two hours before doing a new test.
You carefully followed this article but your signature is still not valid?
- You should first make sure your public DKIM key is added to your DNS and is accessible.
Please remember it takes time for your DNS to apply modifications, always wait at least 4 hours before doing a new test after modifying your DNS.
No need to look somewhere else if your public DKIM key is not valid or not applied, you should focus on that (Did you edit the right DNS? Are the modifications applied?)
- Did you turn ON the option to embed pictures via the Acy configuration page?
If so, the DKIM signature may fail, you should turn this option OFF.
- If you added attachments, please remove them, it may be the reason why the signature is not valid.
- In case of your public DKIM key is found on your DNS and appears as a valid key but your signature is still not valid, your mail server may have changed a bit the content of the message after Acy added its signature... and if it's the case, your signature will fail.
Most of the time, the mail server changes the encoding format. You should change your encoding format in AcyMailing to quoted-printable instead of 8bit to prevent this kind of modification by your server.
- Still not valid? Make sure you don't use special characters in the "From" field.