How to get the correct detail for DKIM and SPF from vendor domain to add to TXT record for our domain so vendor can send as us and not be blocked as spam.

How to get the correct detail for DKIM and SPF from vendor domain to add to TXT record for  our domain so vendor can send as us and not be blocked as spam.
Hi. thanks for looking at this problem.
An external vendor does mail outs for us.
When they do mailouts their emails sent as name@ourdomain.com get blocked since it isn't our domain sending the email.
I understand we can add their DKIM information as a TXT record to our DNS to make their domain trusted to send as us.
Do you know what detail it needs?
I have found this article
https://support.symantec.com/en_US/article.TECH132756.html

I have gotten the vendor detail from the message header of an email they have sent as us.
I can do an nslookup like this:
nslookup -type=txt "vendorselector"._domainkey."vendordomain"
and it comes back with a text record like:
v=DKIM1: p=sdfasdfafasdfasdfasdf
but there is no K or H value.
the other TXT records I have seen for DKIM have at least a K value which seems to be mostly RSA

Does anyone know if I do this kind of NSLookup and it returns that TXT record, if that is all I have to put in our DNS?

Normally I would just ask the vendor for this detail, but they don't seem to have the will to gather it.

Thanks,
Shaun
shaunwoyAsked:
Who is Participating?
 
nociSoftware EngineerCommented:
The mail sender system (to the internet at large)  signs a message, it's references must be used (it it also signs your domain).
Did you verify with the vendor domain what they require? it might be very well they require you to provide the privatekey as well.
And don't forget about the selector(s). your vendor may have many keys in use (one for each server f.e.) and possibly rotating signatures.
0
 
nociSoftware EngineerCommented:
those fields are optional, at least IF k=rsa it may be left out, if you use another value for k it might very well be that you are the only one that can validate the DKIM signing.   (and you need to implement the new encryption method.).

There are even more  options to be specified see RFC:
https://tools.ietf.org/html/rfc6376#page-53
0
 
shaunwoyAuthor Commented:
Thanks heaps noci.
So does that mean the TXT information that comes from an NSLookup on the vendor domain is all I need for the DKIM TXT record for our domain so the vendor domain can send email on our behalf?
The objective is that our email sent by the vendor isn't marked as spam.
0
 
shaunwoyAuthor Commented:
Thanks noci. The support from the vendor aren't coming back with answers so I will use the TXT result from nslookup. I appreciate your thoughts
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.