CNAME DKIM Signing Feature

The easiest way to brand your email messages with your own DKIM signature is with the “Use a CNAME record” signing option.

What are the benefits of using the "Use a CNAME record" DKIM Signing Feature?

The benefits of using this method of DKIM signing is that it allows SocketLabs to remain in control of both the private and public DKIM keys. This allows you to get the benefit of custom DKIM signatures without the hassle of managing and rotating custom DKIM keys yourself.

For email experts looking for more refined control on the DKIM signatures of their messages, please see our Advanced DKIM Signing Feature

What does "Use a CNAME record" DKIM Signing require?

The “Use a CNAME record” option requires only the establishment of a single CNAME record in the DNS of your domain. The SocketLabs On-Demand Control Panel will perform a verification of your CNAME record before allowing for this feature to be enabled.

What is needed in my DNS settings?

Creating a CNAME record is a process that is handled by the provider that manages your domain’s DNS settings. This could be your website hosting provider, your domain registrar, or a third party service like Amazon’s Route 53.

SocketLabs does not provide technical support for managing your DNS settings. You will need to contact your DNS provider for assistance with establishing a CNAME record.

The CNAME entry that should be created is as follows:

dkim._domainkey.yourdomain.com CNAME IN dkim._domainkey.email-od.com

So if your domain were example.com, you would create the following record:

dkim._domainkey.example.com CNAME IN dkim._domainkey.email-od.com

Depending on the TTL settings of your DNS records, it could take 24 to 48 hours before SocketLabs will be able to verify your CNAME entries. If we are unable to verify your DNS entry, it is likely that mailbox providers will also be unable to verify your entry. 

What if my DNS provider does not support the underscore "_" character?

Some providers do not support the underscore character “_” in CNAME entries. If your DNS provider does not support this, you will be required to use the Advanced DKIM signing feature.

Custom DKIM signatures will only be applied to messages that have a Purported Responsible Address (PRA) at the domain in which a custom signing option has been established. In most cases the PRA is the From Address, or the Sender Address.

Related Information

For more information about DKIM authentication technology, please see: DomainKeys Identified Mail (DKIM) Authentication

For more information about SPF authentication, please see our related article: Sender Policy Framework (SPF)