Create a DKIM TXT record

Domain Keys Identified Mail (DKIM) helps you protect your company from
email spamming and phishing attempts. It provides a method for
validating a domain name identity that is associated with a message
through cryptographic authentication.

For a complete description of DKIM, see the link to recommended DKIM sites
in the "External resources" section at the end of this article.

Note: The method described in this article differs from the way DKIM is
set up for Rackspace Hosted Email and Exchange customers. If you are a
Rackspace Email, Hosted Exchange, or Office 365 customer, contact the
Rackspace Cloud Office team for help configuring the proper DKIM, DMARC, and
SPF records.

The process of setting up DKIM involves the tasks detailed
in the following steps:

  1. Choose a DKIM selector.

  2. Generate a public-private key pair.

  3. Publish the selector and public key by creating a DKIM TXT record.

  4. Attach the token to each outgoing email.

What is a DKIM selector?

A selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field.

Because DKIM selectors give different DNS query names, the system uses the selector as an additional name component for validation. Under each domain name, there might be one too many unique DKIM DNS records associated with different selectors.

Selectors enable multiple keys under a domain name, which can provide separate signatory controls among departments, date ranges, or third parties acting on behalf of the domain name owner. No two services or products should use the same selector.

A selector can be anything you want, such as a word, number, or a string of letters and numbers.

For example, if you choose oct2019 for your selector, the domain name would
become oct2019._domain.example.com.

Before you begin

Before you log in to the control panel and create a DKIM record, there are
a couple of things that you need:

  1. Choose a simple, user-defined text string to be your DKIM selector. The
    selector is appended to the domain name to help identify the DKIM public
    key. See the previous section for more information about choosing a
    DKIM selector.

  2. Generate a public-private key pair by using a tool such as ssh-keygen on
    Linux or PuTTYgen on Windows. For help creating key pairs, see
    Generate RSA keys with SSH by using PuTTYgen.

Create a DKIM TXT record

Use the following steps to create a DKIM TXT record in the Cloud Control
Panel:

  1. Log in to the Cloud Control Panel.

  2. In the top navigation bar, click Select a Product > Rackspace Cloud.

  3. Select Networking > Cloud DNS.

  4. Click the gear icon next to the name of an existing domain and
    select Add DNS Record.

  5. In the pop-up dialog box, select TXT Record as the record type.

  6. In the Hostname text box, enter the selector text string that you chose
    in Step 1, followed by the literal string ._domainkey. For example, if you
    use the default as the text string, you enter default._domainkey in the
    Hostname text box.

  7. Expand the Text box by dragging the corner, and then enter the
    following information, pasting the public key that you generated in the
    previous section after the p= prompt:

    v=DKIM1; p=yourPublicKey
    

    When you finish, the TXT record looks similar to the following
    example:

  8. Click Add Record.

The DKIM TXT record is added to your domain.

For instructions about attaching the token to your outgoing email, see the
Specification section at DKIMcore.org.

Related articles

External resources