Solved

Where to create DKIM entry ?

Posted on 2016-08-01
7
84 Views
Last Modified: 2016-08-31
People,

Can anyone here please sahre some steps to secure my new custom email domain ?

MyCustom.com domain to authenticate mailchimp.com:

DKIM: Create a CNAME record for k1._domainkey.MyCustom.com with this value:
dkim.mcsv.net
SPF: Create a TXT record for MyCustom.com with:
v=spf1 include:servers.mcsv.net ?all

Open in new window


Where can I enter this information in my DNS server or in the Exchange Server ?
0
Comment
  • 4
  • 3
7 Comments
 
LVL 16

Accepted Solution

by:
Learnctx earned 500 total points
ID: 41737205
You do all of this on your DNS server hosting your zone info for the domain. Assuming you're using a Windows DNS server? If so, in dnsmgmt.msc:

1. Select MyCustom.com.
2. Right click and create a domain under MyCustom.com called _domainkey
3. In the _domainkey sub domain create an alias (CNAME) record k1 pointing to "dkim.mcsv.net.". Yes include the root on the end.
4. Done.

If you lookup dkim.mcsv.net:

nslookup -type=txt dkim.mcsv.net.

Open in new window

You will return to DKIM record.

k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ft
dAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUoNyIR4Bn84LV
cfZE20rmDeXQblIupNWBqLXM1Q+VieI/eZu/7k9/vOkLSaQQdml4Cv8lb3PcnluMVIhQIDAQAB;

To create the SPF, in the root of MyCustom.com, create a new text record (TXT, you will find it under Other records when you right click) with a value of:

v=spf1 include:servers.mcsv.net ?all

This is a same as parent record so you just need to provide the data not a record name.

If you are not using a Windows DNS server, then you need to do the same using the interface your DNS provider has given you. Most providers/registrars will have a help guide around creating records.
1
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41737250
Hi LearnCTX,

Does it means I should be doing this on my internal AD integrated DNS server or the external DNS server managed by the ISP for my public IP address which hold the MX records of all my email servers ?
0
 
LVL 16

Assisted Solution

by:Learnctx
Learnctx earned 500 total points
ID: 41737377
Always external DNS records. These need to be publicly resolvable. The DKIP and SPF records are used for authorising others to send mail on your behalf.

When you're done setting this up you can check your settings with the links below.

DKIM: https://mxtoolbox.com/SuperTool.aspx?action=dkim%3aMyCustom.com%3ak1&run=toolpage
SPF: https://mxtoolbox.com/SuperTool.aspx?action=spf%3aMyCustom.com&run=toolpage
1
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41738180
LearnCTX,

Well if that's the case, I will then need to ask my ISP to configure it for me.

Because my AD integrated DNS is just for internal AD domain only.
0
 
LVL 16

Expert Comment

by:Learnctx
ID: 41738299
It sounds like it if they run your DNS as a managed service on your behalf.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41738303
yes, because all of the DNS servers in my environemnt are windows server behind the firewall.
No DMZ DNS server.
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 41779052
Thanks !
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now