2
DKIM using CNAME records
Question asked by Jose Gomez - 1/11/2024 at 4:16 PM
Unanswered
Hey, everyone. I've seen several providers using CNAME records to configure DKIM with. Does anyone know how this can be done using SmarterMail? Thanks in advance.

6 Replies

0
Normally a DKIM is a TXT record??
0
Jose Gomez Replied
I'm aware of that. But I have clients who are using other email service providers and those providers are providing CNAME records that reference some sort of pre-created DKIM record on a different domain name. Here's what the provider who owns ccsend.com sent to my client:

Copy this information below and paste it into your hosting provider's DNS settings for your website.
 
CNAME 1 Record Name: ctct1._domainkey.<clientdomainhidden>.com
CNAME 2 Record Name: ctct2._domainkey.<clientdomainhidden>.com
 
CNAME 1 Value: 100._domainkey.dkim1.ccsend.com
CNAME 2 Value: 200._domainkey.dkim2.ccsend.com
 
If you do not already have a DMARC policy, please add the following TXT record to your domain name settings (DNS).
 
TXT record host name: _dmarc.<clientdomainhidden>.com
TXT record value: v=DMARC1; p=none;
0
Nathan Replied
If you are managing DKIM for customer domains where you do not control DNS, I would suggest using CNAMEs, as it decouples you from the third-party DNS in terms of rolling over keys. The CNAME should resolve to a TXT record in a domain you control to ease management.
0
Jose Gomez Replied
How would that then be entered into that customer's SmarterMail settings for their domain?
0
Nathan Replied
Unfortunately, SM automagically generates the selector name, so you need to attempt to enable it in the domain configuration first. In a quick test it wanted to create "8DC138701E37FDF._domainKey.customerdomain.com" with the appropriate "v=DKIM1..." entry as a TXT record.

Using this example, get the client to create CNAME:

Record Name: 8DC138701E37FDF._domainKey.customerdomain.com.
Record Type: CNAME
Record Value: 8DC138701E37FDF._domainKey.isp-domain.com.

Then you create:

Record Name: 8DC138701E37FDF._domainKey.isp-domain.com.
Record Type: TXT
Record Value: "v=DKIM1; k=rsa; h=sha256; p=<<key-removed>>"

This way you could roll over the key if needed without the client updating DNS.
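
The CNAME-to-TXT delegation described in the reply above, as an added example that is not part of the original posts: a Python check that follows the selector's CNAME chain and validates the DKIM key record at the end. The `ZONE` dictionary is constructed sample data standing in for real DNS, the key value is a placeholder, and the function names are hypothetical.

```python
# Added example: offline check of a delegated DKIM selector (CNAME -> TXT).
# ZONE is constructed sample data using the thread's placeholder names.
SELECTOR = "8DC138701E37FDF"
ZONE = {
    (f"{SELECTOR}._domainkey.customerdomain.com.".lower(), "CNAME"):
        [f"{SELECTOR}._domainKey.isp-domain.com."],
    (f"{SELECTOR}._domainkey.isp-domain.com.".lower(), "TXT"):
        ["v=DKIM1; k=rsa; h=sha256; p=PLACEHOLDERKEY"],
}

def zone_lookup(zone):
    """Return lookup(name, rtype) over a dict; DNS names are case-insensitive."""
    return lambda name, rtype: zone.get((name.lower(), rtype), [])

def parse_tags(txt):
    """Split a DKIM key record into its tag=value pairs."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, v in pairs}

def check_selector(selector, domain, lookup, max_hops=5):
    """Follow CNAMEs from selector._domainkey.domain; return (chain, problems)."""
    name = f"{selector}._domainkey.{domain}."
    chain, problems = [name], []
    for _ in range(max_hops):
        cname = lookup(name, "CNAME")
        if not cname:
            break
        if lookup(name, "TXT"):  # a CNAME may not coexist with other data
            problems.append(f"{name} has both CNAME and TXT (stale TXT left behind?)")
        name = cname[0]
        if name.lower() in (c.lower() for c in chain):
            return chain, problems + [f"CNAME loop at {name}"]
        chain.append(name)
    else:
        return chain, problems + ["CNAME chain too long"]
    # v= is optional in a key record and defaults to DKIM1; p= is required.
    keys = [parse_tags(t) for t in lookup(name, "TXT")]
    keys = [k for k in keys if k.get("v", "DKIM1") == "DKIM1" and "p" in k]
    if len(keys) != 1:
        problems.append(f"expected one DKIM key record at {name}, found {len(keys)}")
    elif not keys[0]["p"]:
        problems.append(f"empty p= at {name}: key is revoked")
    return chain, problems

if __name__ == "__main__":
    chain, problems = check_selector(SELECTOR, "customerdomain.com", zone_lookup(ZONE))
    print(" -> ".join(chain))
    print("OK" if not problems else "\n".join(problems))
```

To run the same checks against live DNS, replace `zone_lookup(ZONE)` with a function that queries a resolver and returns the record strings for a name and type.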
0
Ron Raley Replied
This is a cleaner method, indeed. I'm seeing more tech companies doing it this way.
