Enter Domain Keys in NetSuite


For campaigns and bulk email, if you set up multiple domain keys NetSuite will automatically select the best possible key based on the sender’s domain. For more information, see Campaign Email Domains.

A user with an Administrator role or a user with the Full level of the Set Up Company permission can perform the following procedure.

To enter Domain Keys in your NetSuite account:

  1. Go to Setup > Company > Email > Email Preferences.

  2. Click the Domain Keys subtab.

  3. In the Domain Selector field, enter the first domain selector. The number of DKIM selectors is limited to one selector per email domain. If you are sharing an email domain between multiple production accounts, use one selector for the shared email domain. Configure that same selector in each account that uses the same email domain.

    When naming domain selectors, follow the specifications outlined in RFC 6376 Section 3.1 Selectors and RFC 1035 Section 2.3.1 Preferred name syntax. A few suggestions for naming domain selectors based on these RFCs:

    • The domain selector name (label) must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and a hyphen.

      • Attempting to name a selector beginning with a digit results in an error message that the DKIM selector name is invalid. The record cannot be saved.

      • Valid digits (numbers) are 0 through 9.

      • Both uppercase and lowercase letters are allowed, but no significance is attached to the case of the letter.

      • If using a hyphen as an interior character in the domain selector name, ensure that the character is a hyphen (Unicode U+2010) and not a different character that may look similar to a hyphen.

    • The domain selector name must be 63 characters or less.

    A suggested best practice is to structure the domain selector name to include information such as the purpose, the owner, and the creation date.

    For example, to meet the criteria specified in the RFCs, dec2020-netsuite is a name you could enter in the Domain Selector field in NetSuite.

  4. In the Domain Name field, enter the domain name you are using to send DKIM-signed email from NetSuite. For example, if the email address from which you are sending DKIM signed email is jwolfe@wolfeelectronics.com, the domain is wolfeelectronics.com. An email address from this domain can appear in the From header.

  5. Enter the Private and Public domain keys (in PEM format) used for signing in one of the following ways:

    • If you have used the same domain keys with another application, enter the domain keys manually.

    • If you have not generated a domain key for this domain previously, click Generate Key Pairs to have NetSuite generate them for you.

    You need the public domain key to set up your domain with a domain hosting service.

  6. After entering the domain keys, click Generated DNS Entry. Your complete, properly formatted DNS entry is shown in a popup window. Copy this DNS entry. Do not close the browser window.


    When a domain is shared by more than one NetSuite account, a message is displayed on the Domain Keys subtab indicting that the email domain is used by other NetSuite accounts. If the DKIM configuration needs to be modified, the customer must contact NetSuite Customer Support.

  7. Complete the following Set Up a DNS Text Record procedure with your domain provider within 14 days after entering domain keys in NetSuite.


If you do not complete the Set Up a DNS Text Record within 14 days, the From header of email sent from that particular domain will continue to be rewritten. For more information, see From Headers in Email Can Be Rewritten.

Related Topics

Procedures to Set Up DKIM for the First Time in Your Account
Set Up a DNS Text Record
Activate DKIM Keys in NetSuite
Verify Your DKIM Setup

General Notices