Skip to content

Commit e463e31

Browse files
authored
Merge pull request #7427 from ovh/SK-1879-WEB-Domain-DKIM-API_review
SK-1879-WEB-Domain-DKIM-API_review+DKIM_auto_MXplan
2 parents f5ba9aa + b622aae commit e463e31

File tree

18 files changed

+1448
-814
lines changed

18 files changed

+1448
-814
lines changed
56.1 KB
Loading
89.9 KB
Loading
Loading

pages/web_cloud/domains/dns_zone_dkim/guide.de-de.md

Lines changed: 130 additions & 84 deletions
Large diffs are not rendered by default.

pages/web_cloud/domains/dns_zone_dkim/guide.en-asia.md

Lines changed: 59 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,18 @@
11
---
22
title: How to improve email security with a DKIM record
33
excerpt: Find out how to configure a DKIM record on your OVHcloud domain name and email platform
4-
updated: 2024-07-05
4+
updated: 2025-01-22
55
---
66

7+
<style>
8+
.w-400 {
9+
max-width:400px !important;
10+
}
11+
.h-600 {
12+
max-height:600px !important;
13+
}
14+
</style>
15+
716
<style>
817
pre {
918
font-size: 14px !important;
@@ -59,6 +68,7 @@ The DKIM (**D**omain**K**eys **I**dentified **M**ail) record allows you to sign
5968
- [Why do we need to configure DNS servers?](#dns-and-dkim)
6069
- [Example of an email sent using DKIM](#example)
6170
- [What is a DKIM selector?](#selector)
71+
- [Configuring DKIM automatically for an OVHcloud Exchange or Email Pro solution](#auto-dkim)
6272
- [Configuring DKIM automatically for an OVHcloud email solution](#auto-dkim)
6373
- [Configuring DKIM manually for an OVHcloud Email or OVHcloud solution](#internal-dkim)
6474
- [Full DKIM configuration](#firststep)
@@ -84,7 +94,7 @@ The principle of a **hash function** is to generate a **signature** (also called
8494

8595
On the following diagram, you can see that the output will always be 32 characters using a MD5 (**M**essage **D**igest **5**) hash algorithm, while the input text may vary in size. The slightest character variation in input data completely changes the output hash, making the output signature unpredictable and tamper-proof. In the example below, the input value is passed into the MD5 hash algorithm and the output is its hash value.
8696

87-
![hash](/pages/assets/schemas/emails/dns-dkim-hash01.png){.thumbnail}
97+
![hash](/pages/assets/schemas/emails/dns-dkim-hash01.png){.thumbnail .w-400 .h-600}
8898

8999
The hash function is useful when you want to check the integrity of a message. Different but similar looking input data will produce a completely different hash value with an equal length of characters in output, regardless of the input length.
90100

@@ -98,11 +108,11 @@ There are two uses for asymmetric encryption:
98108

99109
- **The input data is encrypted with the public key and decrypted by the owner of the private key**. For example, you want a third party to send you data securely. You transmit your public key without worrying about someone getting it. This third party will encrypt their data with your public key. Encrypted data can only be decrypted by the private key owner.
100110

101-
![hash](/pages/assets/schemas/emails/dns-dkim-crypto01.png){.thumbnail}
111+
![hash](/pages/assets/schemas/emails/dns-dkim-crypto01.png){.thumbnail .w-400 .h-600}
102112

103113
- **The input data is encrypted by the private key owner and decrypted by the public key**. This use applies to authenticate a data exchange. For example, your recipients want to ensure that you are the author of the message you send them. In this case, you will encrypt your message with your private key. This message can only be decrypted by the public key that you have transmitted to everyone, which guarantees your recipients the authenticity of your message. A message decrypted by the public key can only come from the owner of the private key.
104114

105-
![hash](/pages/assets/schemas/emails/dns-dkim-crypto02.png){.thumbnail}
115+
![hash](/pages/assets/schemas/emails/dns-dkim-crypto02.png){.thumbnail .w-400 .h-600}
106116

107117
#### How are hashing and asymmetric encryption used for DKIM? <a name="encrypt-and-hash"></a>
108118

@@ -131,11 +141,44 @@ The value of this selector is `s=ovhex123456-selector1`.
131141

132142
When you send an email from **[email protected]**, a signature encrypted with a private key is added to the email header.
133143

134-
![email](/pages/assets/schemas/emails/dns-dkim-send.gif){.thumbnail}
144+
![email](/pages/assets/schemas/emails/dns-dkim-send.gif){.thumbnail .w-400 .h-600}
135145

136146
The recipient **[email protected]** can decrypt this signature with the public key visible in the DNS zone of **mydomain.ovh**. The signature is created from the content of the email sent. This means that if the email is modified during transit, the signature will not match with the content and this will cause the DKIM check on the destination server to fail.
137147

138-
![email](/pages/assets/schemas/emails/dns-dkim-receive.gif){.thumbnail}
148+
![email](/pages/assets/schemas/emails/dns-dkim-receive.gif){.thumbnail .w-400 .h-600}
149+
150+
### Configuring DKIM automatically for an OVHcloud Exchange or Email Pro solution <a name="auto-dkim"></a>
151+
152+
The automatic configuration of DKIM is accessible for an email solution MX Plan (included with a [Web Cloud hosting plan](/links/web/hosting)).
153+
154+
By default, the DKIM is not activated when you add a domain name to your platform. You will need to launch the automatic configuration process via the OVHcloud Control Panel.
155+
156+
In your [OVHcloud Control Panel](/links/manager), in the `Web Cloud`{.action} tab, click `Emails`{.action} , then click on the domain name concerned. Finally, go to the `General information`{.action} tab.
157+
158+
In the **General informations** box, you can see that the `DKIM` box is red with the **Diagnostic**.
159+
160+
![email](/pages/assets/screens/control_panel/product-selection/web-cloud/emails/general-information/dkim-auto01.png){.thumbnail .w-400 .h-600}
161+
162+
To activate the DKIM, simply click on the red `DKIM` box, then `Confirm`{.action} in the activation window that pops up.
163+
164+
![email](/pages/assets/screens/control_panel/product-selection/web-cloud/microsoft/exchange/associated-domains/dkim-auto02.png){.thumbnail .w-400 .h-600}
165+
166+
> [!primary]
167+
>
168+
> **Emails (MX Plan)**
169+
>
170+
> If your domain name is not managed in the same OVHcloud Control Panel as your email platform, or registered outside of OVHcloud, you will see the window below:
171+
>
172+
> ![email](/pages/assets/screens/control_panel/product-selection/web-cloud/emails/general-information/dkim-auto02.png){.thumbnail .w-400 .h-600}
173+
>
174+
> This prompts you to enter two CNAME values in the domain name’s DNS zone, which enables you to link this domain name to the DKIM selectors of your email service. You will need to enter these values and ensure that they are propagated before clicking `Enable`{.action}.
175+
>
176+
177+
The automatic activation of the DKIM takes between 30 minutes and 24 hours. To check that your DKIM is functional, simply go back to the `General information`{.action} or the `Associated domains`{.action} tab of your email platform and make sure that the `DKIM` box has turned green.
178+
179+
![email](/pages/assets/screens/control_panel/product-selection/web-cloud/microsoft/exchange/associated-domains/dkim-auto03.png){.thumbnail .w-400 .h-600}
180+
181+
After 24 hours, if your `DKIM` box is red, please refer to the section [“Why does DKIM not work and appear in red in the OVHcloud Control Panel?”](#reddkim) of this guide.
139182

140183
### Configuring DKIM manually for an OVHcloud Email solution <a name="internal-dkim"></a>
141184

@@ -147,7 +190,7 @@ To configure DKIM, go to the website <https://ca.api.ovh.com/console/>, log in u
147190
148191
Go to the API section `/email/domain/`. Type "dkim" in the `Filter` box to display only the endpoints related to the DKIM.
149192

150-
![email](/pages/assets/screens/api/get-email-domain-domain-dkim.png){.thumbnail}
193+
![email](/pages/assets/screens/api/get-email-domain-domain-dkim.png){.thumbnail .w-400 .h-600}
151194

152195
##### **For Emails (MX Plan)** <a name="confemail"></a>
153196

@@ -163,7 +206,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
163206
>>
164207
>> - `domain`: Enter the domain name attached to the email service on which you want to enable DKIM.
165208
>>
166-
>> Click `TRY`{.action} to activate.<br>
209+
>> Click `EXECUTE`{.action} to activate.<br>
167210
>>
168211
>> *Sample result:*
169212
>>
@@ -191,7 +234,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
191234
>>
192235
>> - `domain`: Enter the domain name attached to the email service.<br>
193236
>> <br>
194-
>> Click `TRY`{.action} to view the result.<br>
237+
>> Click `EXECUTE`{.action} to view the result.<br>
195238
>>
196239
>> *Example result:*
197240
>>
@@ -235,7 +278,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
235278
>>
236279
>> - `domain`: Enter the domain name attached to your email service.
237280
>>
238-
>> Click `TRY`{.action} to view the result.
281+
>> Click `EXECUTE`{.action} to view the result.
239282
>>
240283
>> *Example result:*
241284
>>
@@ -270,7 +313,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
270313
>> - `ovhmo3456789-selector1._domainkey.mydomain.ovh` is the subdomain of the CNAME record. We only keep `ovhmo3456789-selector1._domainkey` because `.mydomain.ovh` is already present. <br>
271314
>> - `ovhmo3456789-selector1._domainkey.123403.aj.dkim.mail.ovh.net."` is the record target. Keep the period at the end to punctuate the value.<br>
272315
>>
273-
>>![email](/pages/assets/screens/control_panel/product-selection/web-cloud/domain-dns/dns-zone/dns-dkim-api022.png){.thumbnail}
316+
>>![email](/pages/assets/screens/control_panel/product-selection/web-cloud/domain-dns/dns-zone/dns-dkim-api022.png){.thumbnail .w-400 .h-600}
274317
>>
275318
>> Once you have entered the values, click `Next`{.action} then `Confirm`{.action}.
276319
>>
@@ -298,7 +341,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
298341
>>
299342
>> - `domain`: Enter the domain name attached to your email service on which you want to enable DKIM.
300343
>>
301-
>> Click `TRY`{.action} to activate.<br>
344+
>> Click `EXECUTE`{.action} to activate.<br>
302345
>>
303346
>> *Example result:*
304347
>>
@@ -365,10 +408,10 @@ If you want to disable the DKIM without removing the selectors and their key pai
365408
366409
- `domain` : enter the domain name attached to your email service on which the DKIM must be present. <br>
367410
368-
*Example result:*
411+
*Example result:*
369412
370-
```console
371-
{
413+
```console
414+
{
372415
"domain": "guidesteam.ovh",
373416
"id": 174219594,
374417
"function": "domain/disableDKIM",
@@ -392,7 +435,7 @@ Click on the `DNS Zone`{.action} tab, then `Add an entry`{.action}. There are 3
392435

393436
This record is named DKIM on the interface but it is actually a TXT record in the zone. The purpose of the DKIM record is to make it easier to read the various parameters of the DKIM by presenting them as independent fields.
394437

395-
![email](/pages/assets/screens/control_panel/product-selection/web-cloud/domain-dns/dns-zone/dns-dkim-add.png){.thumbnail}
438+
![email](/pages/assets/screens/control_panel/product-selection/web-cloud/domain-dns/dns-zone/dns-dkim-add.png){.thumbnail .w-400 .h-600}
396439

397440
- **Sub-domain**: Enter the DKIM selector name and add `._domainkey` as a suffix. Your domain name will be added automatically at the end.
398441

0 commit comments

Comments
 (0)