Recent searches


No recent searches

How do I know if my DKIM records are configured correctly?



image avatar

Ryan Winkler

Zendesk Product Manager

Edited Aug 21, 2024


2

4

4 comments

Hi there,  I have setup the DKIM CNAME records as per your advice, but it is not working. How do I resolve this now?

0


image avatar

Cheeny Aban

Zendesk Customer Care

Hi Customer Support, 

Were you able to test your DKIM on the suggested site or on another similar site? If yes and no issue has been detected. I highly suggest that you initiate a conversation with us so we can dig deeper into your account. 

I hope that helps!

0


 have a question why we are creating 2 CNames not only 1 ?
Charles Nadeau  Ryan Winkler  

0


image avatar

Destiny

Zendesk Customer Care

Hi there,
 
I appreciate your question about the 2 CNAMES for DKIM configuration. 
 
The use of two CNAME (Canonical Name) records for DKIM (DomainKeys Identified Mail) is generally implemented to provide redundancy and enhance security for email authentication. Each CNAME record corresponds to a different DKIM selector. In the case of zendesk1 and zendesk2, these are two distinct selectors that represent separate cryptographic keys for signing emails. 
 
Here are the main reasons for setting up two CNAME records for DKIM:
 
  1. Redundancy and Reliability: By having two selectors, you ensure that if there's a problem with one key, you can swiftly switch to the second one without any downtime. This provides a backup that enhances email delivery reliability.
     
  2. Key Rotation: Security best practices suggest that DKIM keys should be rotated periodically to prevent the weakening of security over time. Having two selectors allows you to rotate the keys easily by phasing out the old key with one selector and introducing the new key with the other selector without interrupting email authentication.
     
  3. Flexibility during DNS propagation: When you update a DKIM key, DNS changes can take some time to propagate. With two selectors, one can start using the new key while the other is still using the old one, ensuring continuous email verification during this period.
     
  4. Protection Against Compromise: If a DKIM key is somehow compromised, having a second key ensures that you can continue to send authenticated emails using the uncompromised key until the issue is resolved.
     
  5. Compliance with sending policies: If you use multiple sending services or policies, each one might require its own DKIM selector to sign emails, ensuring adherence to domain sending policies.
 
I hope this information helps. 
 

0


Please sign in to leave a comment.