Solved

Where to create DKIM entry ?

Posted on 2016-08-01
7
166 Views
Last Modified: 2016-08-31
People,

Can anyone here please sahre some steps to secure my new custom email domain ?

MyCustom.com domain to authenticate mailchimp.com:

DKIM: Create a CNAME record for k1._domainkey.MyCustom.com with this value:
dkim.mcsv.net
SPF: Create a TXT record for MyCustom.com with:
v=spf1 include:servers.mcsv.net ?all

Open in new window


Where can I enter this information in my DNS server or in the Exchange Server ?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 17

Accepted Solution

by:
Learnctx earned 500 total points
ID: 41737205
You do all of this on your DNS server hosting your zone info for the domain. Assuming you're using a Windows DNS server? If so, in dnsmgmt.msc:

1. Select MyCustom.com.
2. Right click and create a domain under MyCustom.com called _domainkey
3. In the _domainkey sub domain create an alias (CNAME) record k1 pointing to "dkim.mcsv.net.". Yes include the root on the end.
4. Done.

If you lookup dkim.mcsv.net:

nslookup -type=txt dkim.mcsv.net.

Open in new window

You will return to DKIM record.

k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ft
dAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUoNyIR4Bn84LV
cfZE20rmDeXQblIupNWBqLXM1Q+VieI/eZu/7k9/vOkLSaQQdml4Cv8lb3PcnluMVIhQIDAQAB;

To create the SPF, in the root of MyCustom.com, create a new text record (TXT, you will find it under Other records when you right click) with a value of:

v=spf1 include:servers.mcsv.net ?all

This is a same as parent record so you just need to provide the data not a record name.

If you are not using a Windows DNS server, then you need to do the same using the interface your DNS provider has given you. Most providers/registrars will have a help guide around creating records.
1
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41737250
Hi LearnCTX,

Does it means I should be doing this on my internal AD integrated DNS server or the external DNS server managed by the ISP for my public IP address which hold the MX records of all my email servers ?
0
 
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 500 total points
ID: 41737377
Always external DNS records. These need to be publicly resolvable. The DKIP and SPF records are used for authorising others to send mail on your behalf.

When you're done setting this up you can check your settings with the links below.

DKIM: https://mxtoolbox.com/SuperTool.aspx?action=dkim%3aMyCustom.com%3ak1&run=toolpage
SPF: https://mxtoolbox.com/SuperTool.aspx?action=spf%3aMyCustom.com&run=toolpage
1
Do you have a plan for Continuity?

It's inevitable. People leave organizations creating a gap in your service. That's where Percona comes in.

See how Pepper.com relies on Percona to:
-Manage their database
-Guarantee data safety and protection
-Provide database expertise that is available for any situation

 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41738180
LearnCTX,

Well if that's the case, I will then need to ask my ISP to configure it for me.

Because my AD integrated DNS is just for internal AD domain only.
0
 
LVL 17

Expert Comment

by:Learnctx
ID: 41738299
It sounds like it if they run your DNS as a managed service on your behalf.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41738303
yes, because all of the DNS servers in my environemnt are windows server behind the firewall.
No DMZ DNS server.
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 41779052
Thanks !
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question