1. Using Common Features for HCM
  2. Set Up DomainKeys Identified Mail (DKIM)

Set Up DomainKeys Identified Mail (DKIM)

Use DomainKeys Identified Mail (DKIM) to verify the authenticity of email messages sent from Oracle Fusion Cloud Applications.

DKIM is a cryptographic signature-based method to authenticate email senders. With DKIM, email senders generate public and private key pairs. The public key is published to DNS records, and the matching private keys are stored in a sender's outbound email servers.

When emails are sent, the private keys generate message-specific signatures that are added to the embedded email headers. ISPs that authenticate using DKIM look up the public key in the public DNS record. ISPs can then verify that the signature in the email header was generated by the matching private key. This method ensures that an authorized sender actually sent the message, and that the message headers and content were not altered during transit.

Enabling DKIM is a manual process. You must perform this task for each individual Fusion Applications environment for which you want to use DKIM. For example, if you have five Fusion Applications environments, then you must perform this task five times.

  1. Create a service request.

    See Contact My Oracle Support.

    Use the CSI number you received in the Welcome email when logging service requests. This number identifies your organization, product information and service level agreement with Oracle Support.

  2. Include the following information in the service request.
    • Name of your Fusion Applications environment
    • From email address
    • Key size (1024 or 2048)

    Also mention Doc ID 2702234.1 (DKIM Support for Fusion Applications on OCI) in the service request.

  3. Optional: Specify a DNS selector in the service request.

    The default generated DNS selector uses this format: <env-name>-<region-code>-<date>

    For example: mycompany-iad-20210127

    A DNS selector can contain only letters, digits, periods ("."), and dashes ("-").

  4. Submit the service request.

    Oracle Support responds to your service request with a DKIM-enabled DNS record.

  5. Add the CNAME DNS record to your domain configuration and then update the service request.

    It takes up to 24 hours for Oracle to detect your latest DNS configuration and to begin signing emails using DKIM.

  6. When prompted by the support engineer, verify that the signed email messages are delivered successfully, and then update the support request.

    Oracle Support changes the From email address in your Fusion Applications environment to the new DKIM-enabled address.