Managing DKIM

Manage email domains with Domain Keys Identified Mail (DKIM).

DKIM is an authentication framework that allows verification of the source and contents of messages by Mail Transfer Agents (MTAs). With DKIM, a signer can cryptographically sign an email message for a domain, claiming responsibility for its authenticity. The recipient verifies the signature by querying the signing domain for the public key to confirm that the signature was created with the matching private key.

DKIM-Signature is an email header field that contains all the signature and key-fetching data. This header value contains tags with specific details about the email message, such as the signing domain where the verifier can find the public key ("d") and the specific header fields as of signing ("h"). These tags protect the integrity of the email message, proving that it's from a legitimate source and that the signed contents haven't been tampered with. Thus, DKIM can protect a domain from being spoofed for the proliferation of spam or in a phishing attempt.

The following is an example of a DKIM-Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=prod-fra-20191115;;

One DKIM key can be active for your email domain at a time. You can set up DKIM keys in the Console and denote one record to be the active DKIM key to sign your emails with.

For more information about DKIM, see:

Using the API

For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.

Use the following operations to manage email domains: