DKIM Entries

This page is accessed via Business Process Automation > Power Data > Mail Management > Mail Domains > DKIM button.

One of the primary reasons you are registering mail domains with OCI is to manage DKIM protection. DKIM instructs Mail Delivery to generate a public/private key pair for mail header signatures. When an external mailbox receives an email from a domain, it validates the email by checking the signature. 

Domain DKIM Management

Note: For a detailed overview of how to manage DKIM, see Configuring DKIM.

You can manage DKIM records on this page. This screen shows a grid of DKIM records of up to two undeleted DKIMs from OCI. The CNAME subdomain, value, and TXT value for that DKIM is abbreviated on the screen with a copy button so you can copy the data to a clipboard for DNS management. DKIM record may be deleted, placing them in a Deleting state in OCI. If the DKIM record is in active use by the email domain, OCI may hold the record for up to 24 hours to allow proper signing of outbound email. Once all DKIM records have been deleted, you can remove the mail domain. For manual DKIM rotation, you can recreate DKIM records via the Add All button. DNS updates are needed for any added DKIMs.

Adding DKIM Records

By adding two DKIM records for their Email Domains, and registering proper CNAME records for each domain, you are preparing for automatic DKIM key rotation. See Support for Automatic Key Rotation for details.

DKIM signatures require one of two records in the DNS of the mail domain:

• a CNAME record. It is the preferred method of DKIM registration.
• a TXT record. This provides the public key directly from a TXT record (of type DKIM) in the mail domain's DNS. This is the legacy method of DKIM registration and is deprecated. See Legacy TXT DKIM Support for details.

Until you add one of these records for the DKIM record registered for your domain, the DKIM status on the domain will not be green. Only when the DNS records are properly registered and propagated across the internet will the DKIM status change to green and mails become signed. This can take up to a day after DNS record additions. 

There are three strings you may need for DNS registration:

• The CNAME Subdomain. This is the domain of the CNAME record a customer adds for Oracle DKIM. Multiple services may be using DKIM to authorize sending on behalf of your domain. Each service will be represented by a CNAME record in a subdomain of the you DNS.
• The CNAME value. This is the value of the CNAME record you add for Oracle DKIM. It points back to an Oracle DNS record holding the public key for your DKIM.
• The TXT value. If you are directly adding a TXT record for his Oracle DKIM, this is the text value of the public key. This is the legacy method of DKIM registration and is deprecated.See Legacy TXT DKIM Support for details.

These values need to be copied exactly into your DNS for DKIM to succeed. Use the Copy link to copy the text so you can then paste it directly into your DNS manager.

• The Add All button will create the required number of DKIM records. If you already have enough DKIM records, you do not need to use the Add All button. When you click Add All, you are prompted to enter a DKIM Selector Prefix. The DKIM Selector Prefix defaults to the domain name and uniquely defines the DKIM selector. You can explicitly set it to have a DKIM ID or CNAME subdomain name and value identified by your organization name. If omitted, DKIMs are based on each domain migrated. If specified, a single prefix is used across all migrated domains.
• The Remove buttons lets you remove a domain if all of the DKIM entries have been removed. To remove all the rows, click Remove All. 
• There can be a delay in displaying changes you make, and the Refresh button will refresh the display to reflect those changes.