DKIM is an email authentication protocol designed to detect forged from email addresses. Theses protocols were intended to protect the end email receiver against phishing emails and other harmful scams. The protocol allows email exchange to verify that the sender (from address) of the email, is indeed the sender. To achieve this, two corresponding keys are generated, a private key used for signing emails, and a public key used by email exchanges to verify the signature.
Setting up DKIM in our software should be leveraged only when modifying the from address in our email settings (e.g. sent emails from our system will show your specific email address instead of ‘[email protected]’). Setting this up will help the server understand that your IdeaScale community is sending legit emails.
**It is important to understand that you cannot set this up alone – you will need to contact you Innovation Advisor.
Steps to Set-up:
Client needs to provide IdeaScale:
- The domain you wish you use (e.g. gmail.com)
- The ‘from email address’ you wish to use
Client steps to take:
- IdeaScale will provide you with the DNS values you will need to put on your server (the server is not something that IdeaScale has access to, we recommend contacting your IT person if necessary)
IdeaScale steps to take:
- Provide client with the DNS value, DNS Host/Name, and DNS Type that they will have to add in to their private server
- IdeaScale to plug in ‘from email address’
- IdeaScale to add in the ‘Selector’
It's up to the user to ensure the Selector and Public Key are registered in DNS for proper DKIM implementation. The DNS registration may be tested by selecting 'verify' in the DKIM configuration list view shown further above. With this configuration, all outbound email using the from address domain 'gmail.com' will be signed with the private key and selector.
Sample DNS (adjusted email "from" domain is example.com, actual sending domain is ideascale.me) entries at example.com:
- SPF DNS Type: TXTDNS Host/Name: @DNS Value: v=spf1 mx a ptr ip4:127.0.0.1 a:mail.ideascale.me include:mail.ideascale.me ?all
- DKIM DNS Type: TXTDNS Host/Name: default._domainkeyDNS Value: v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3... (this is the actual public key)
When updating general email settings From address, the system will now warn the user if a DKIM configuration is NOT present for given domain. This warning will not prevent saving of said email from address, and will omit dkim signature for all outbound emails for given email from address.