You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: pages/web_cloud/domains/dns_zone_dkim/guide.en-asia.md
+59-16Lines changed: 59 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,9 +1,18 @@
1
1
---
2
2
title: How to improve email security with a DKIM record
3
3
excerpt: Find out how to configure a DKIM record on your OVHcloud domain name and email platform
4
-
updated: 2024-07-05
4
+
updated: 2025-01-22
5
5
---
6
6
7
+
<style>
8
+
.w-400 {
9
+
max-width:400px!important;
10
+
}
11
+
.h-600 {
12
+
max-height:600px!important;
13
+
}
14
+
</style>
15
+
7
16
<style>
8
17
pre {
9
18
font-size: 14px!important;
@@ -59,6 +68,7 @@ The DKIM (**D**omain**K**eys **I**dentified **M**ail) record allows you to sign
59
68
-[Why do we need to configure DNS servers?](#dns-and-dkim)
60
69
-[Example of an email sent using DKIM](#example)
61
70
-[What is a DKIM selector?](#selector)
71
+
-[Configuring DKIM automatically for an OVHcloud Exchange or Email Pro solution](#auto-dkim)
62
72
-[Configuring DKIM automatically for an OVHcloud email solution](#auto-dkim)
63
73
-[Configuring DKIM manually for an OVHcloud Email or OVHcloud solution](#internal-dkim)
64
74
-[Full DKIM configuration](#firststep)
@@ -84,7 +94,7 @@ The principle of a **hash function** is to generate a **signature** (also called
84
94
85
95
On the following diagram, you can see that the output will always be 32 characters using a MD5 (**M**essage **D**igest **5**) hash algorithm, while the input text may vary in size. The slightest character variation in input data completely changes the output hash, making the output signature unpredictable and tamper-proof. In the example below, the input value is passed into the MD5 hash algorithm and the output is its hash value.
The hash function is useful when you want to check the integrity of a message. Different but similar looking input data will produce a completely different hash value with an equal length of characters in output, regardless of the input length.
90
100
@@ -98,11 +108,11 @@ There are two uses for asymmetric encryption:
98
108
99
109
-**The input data is encrypted with the public key and decrypted by the owner of the private key**. For example, you want a third party to send you data securely. You transmit your public key without worrying about someone getting it. This third party will encrypt their data with your public key. Encrypted data can only be decrypted by the private key owner.
-**The input data is encrypted by the private key owner and decrypted by the public key**. This use applies to authenticate a data exchange. For example, your recipients want to ensure that you are the author of the message you send them. In this case, you will encrypt your message with your private key. This message can only be decrypted by the public key that you have transmitted to everyone, which guarantees your recipients the authenticity of your message. A message decrypted by the public key can only come from the owner of the private key.
The recipient **[email protected]** can decrypt this signature with the public key visible in the DNS zone of **mydomain.ovh**. The signature is created from the content of the email sent. This means that if the email is modified during transit, the signature will not match with the content and this will cause the DKIM check on the destination server to fail.
### Configuring DKIM automatically for an OVHcloud Exchange or Email Pro solution <aname="auto-dkim"></a>
151
+
152
+
The automatic configuration of DKIM is accessible for an email solution MX Plan (included with a [Web Cloud hosting plan](/links/web/hosting)).
153
+
154
+
By default, the DKIM is not activated when you add a domain name to your platform. You will need to launch the automatic configuration process via the OVHcloud Control Panel.
155
+
156
+
In your [OVHcloud Control Panel](/links/manager), in the `Web Cloud`{.action} tab, click `Emails`{.action} , then click on the domain name concerned. Finally, go to the `General information`{.action} tab.
157
+
158
+
In the **General informations** box, you can see that the `DKIM` box is red with the **Diagnostic**.
> If your domain name is not managed in the same OVHcloud Control Panel as your email platform, or registered outside of OVHcloud, you will see the window below:
> This prompts you to enter two CNAME values in the domain name’s DNS zone, which enables you to link this domain name to the DKIM selectors of your email service. You will need to enter these values and ensure that they are propagated before clicking `Enable`{.action}.
175
+
>
176
+
177
+
The automatic activation of the DKIM takes between 30 minutes and 24 hours. To check that your DKIM is functional, simply go back to the `General information`{.action} or the `Associated domains`{.action} tab of your email platform and make sure that the `DKIM` box has turned green.
After 24 hours, if your `DKIM` box is red, please refer to the section [“Why does DKIM not work and appear in red in the OVHcloud Control Panel?”](#reddkim) of this guide.
139
182
140
183
### Configuring DKIM manually for an OVHcloud Email solution <aname="internal-dkim"></a>
141
184
@@ -147,7 +190,7 @@ To configure DKIM, go to the website <https://ca.api.ovh.com/console/>, log in u
147
190
148
191
Go to the API section `/email/domain/`. Type "dkim" in the `Filter` box to display only the endpoints related to the DKIM.
@@ -163,7 +206,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
163
206
>>
164
207
>> -`domain`: Enter the domain name attached to the email service on which you want to enable DKIM.
165
208
>>
166
-
>> Click `TRY`{.action} to activate.<br>
209
+
>> Click `EXECUTE`{.action} to activate.<br>
167
210
>>
168
211
>> *Sample result:*
169
212
>>
@@ -191,7 +234,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
191
234
>>
192
235
>> - `domain`: Enter the domain name attached to the email service.<br>
193
236
>> <br>
194
-
>> Click `TRY`{.action} to view the result.<br>
237
+
>> Click `EXECUTE`{.action} to view the result.<br>
195
238
>>
196
239
>> *Example result:*
197
240
>>
@@ -235,7 +278,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
235
278
>>
236
279
>> - `domain`: Enter the domain name attached to your email service.
237
280
>>
238
-
>> Click `TRY`{.action} to view the result.
281
+
>> Click `EXECUTE`{.action} to view the result.
239
282
>>
240
283
>> *Example result:*
241
284
>>
@@ -270,7 +313,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
270
313
>> - `ovhmo3456789-selector1._domainkey.mydomain.ovh` is the subdomain of the CNAME record. We only keep `ovhmo3456789-selector1._domainkey` because `.mydomain.ovh` is already present. <br>
271
314
>> - `ovhmo3456789-selector1._domainkey.123403.aj.dkim.mail.ovh.net."` is the record target. Keep the period at the end to punctuate the value.<br>
>> Once you have entered the values, click `Next`{.action} then `Confirm`{.action}.
276
319
>>
@@ -298,7 +341,7 @@ Follow the **5 steps** by clicking on each of the 5 tabs below:
298
341
>>
299
342
>> - `domain`: Enter the domain name attached to your email service on which you want to enable DKIM.
300
343
>>
301
-
>> Click `TRY`{.action} to activate.<br>
344
+
>> Click `EXECUTE`{.action} to activate.<br>
302
345
>>
303
346
>> *Example result:*
304
347
>>
@@ -365,10 +408,10 @@ If you want to disable the DKIM without removing the selectors and their key pai
365
408
366
409
- `domain` : enter the domain name attached to your email service on which the DKIM must be present. <br>
367
410
368
-
*Example result:*
411
+
*Example result:*
369
412
370
-
```console
371
-
{
413
+
```console
414
+
{
372
415
"domain": "guidesteam.ovh",
373
416
"id": 174219594,
374
417
"function": "domain/disableDKIM",
@@ -392,7 +435,7 @@ Click on the `DNS Zone`{.action} tab, then `Add an entry`{.action}. There are 3
392
435
393
436
This record is named DKIM on the interface but it is actually a TXT record in the zone. The purpose of the DKIM record is to make it easier to read the various parameters of the DKIM by presenting them as independent fields.
0 commit comments