Configuring DKIM

Learn how to configure Domain Keys Identified Mail (DKIM) to verify that an email is sent and authorized by the owner of the sender's domain.

DKIM is set up within DNS records to facilitate verification of digital signing of emails.

Using the Console

  1. Open the navigation menu and click Developer Services. Under Application Integration, click Email Delivery. In the Email Delivery menu, click Email Domains.
  2. Click the name of the email domain where you want to configure DKIM.
  3. Click Add DKIM.
  4. In the DKIM Selector field, enter a selector to be used for this particular DKIM key. All selectors need to be globally unique for your domain.

    We suggest using a regional indicator (region key or region identifier) and date portion as part of the selector, such as 'prefix-region-YYYYMMDD'. For example, oracle-ap-sydney-1-20220331. The date is useful for future key rotation. The DKIM selector can contain only up to 63 lowercase alphanumeric characters (a-z, 0-9) with dashes, and needs to start with a lowercase letter.

    For more information about regional keys and region identifiers, see Regions and Availability Domains.

  5. Click Generate DKIM Record to generate the DKIM record. The system generates a CNAME record and value that can be used in your DNS set up for your email domain.
  6. Copy the CNAME record and CNAME value for your DNS set up.
  7. Click Done.

    Email Delivery supports a maximum of two DKIM keys per email domain, however, only one DKIM record will be used for signing for your domain at a time. It is recommended that you rotate your keys every six months.

  8. To verify SPF and DKIM are configured, go to the Email Domain Details page and use the SPF and DKIM verification feature to confirm your DNS is configured correctly. For more information, see Configuration of DKIM within OCI Email Delivery.