I have several cloud applications that send email. Each application has DKIM set up.
For example:
cloud app 1 : k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB
cloud app 2 : k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB
Can I add two separate TXT records to my DNS? Or should I combine both TXT records into one?
Please explain how to add multiple TXT records for a single domain.
Yes, you can have multiple DKIM records on your domain. Unlike DMARC or SPF, DKIM sets no limit to the number of records you can configure for a single domain as long as it is permitted by your DNS host.
You can have only one active DKIM key per domain name.
Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies.
Yes, you can. A DKIM signature looks like this:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=M1X/nttSCpN...ttSCpN=; b=SPso8U12ChySEQcnJcvm76...RAxjJFcBI=
During validation the selector and domain (selector1 and example.com above respectively) are both used to locate the TXT record with the public key. This is done by merging them with _domainkey in between:
selector1._domainkey.example.com
In your case you can use 2 different selectors (like cloudapp1 and cloudapp2), then each private key can have its own unique DNS record. The corresponding DNS entries would look something like:
cloudapp1._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB"
cloudapp2._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwnAB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEbbcBhthrnETKoCg8wOwIDAQAB"
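The selector lookup described in the answer above, as an added example that is not part of the original answer: it derives the key record name from each signature's `s=` and `d=` tags and resolves it against a small zone. The zone contents, the `retired` selector, the key placeholders and all function names are constructed for illustration.

```python
# Added example: how a verifier maps a DKIM-Signature to its key record.
# ZONE and the SIG_* values are constructed sample data, not real keys.

def parse_tags(text):
    """Parse a DKIM tag=value list (signature header or key record)."""
    tags = {}
    for part in text.split(";"):
        if "=" not in part:
            continue  # skip an empty trailing segment
        name, value = part.split("=", 1)  # base64 values may contain '='
        # Folding whitespace inside a value is not significant
        tags[name.strip()] = "".join(value.split())
    return tags

def key_record_name(signature):
    """Build <selector>._domainkey.<domain> from the s= and d= tags."""
    tags = parse_tags(signature)
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def lookup_key(signature, zone):
    """Return the p= value for a signature, or None if no usable key."""
    txt = zone.get(key_record_name(signature))
    if txt is None:
        return None  # nothing published under this selector
    record = parse_tags(txt)
    if record.get("v", "DKIM1") != "DKIM1":
        return None  # not a DKIM key record
    return record.get("p") or None  # an empty p= marks a revoked key

# One TXT record per selector; each application signs with its own selector.
ZONE = {
    "cloudapp1._domainkey.example.com": "v=DKIM1; k=rsa; t=s; p=SAMPLEKEY1==",
    "cloudapp2._domainkey.example.com": "v=DKIM1; k=rsa; t=s; p=SAMPLEKEY2==",
    "retired._domainkey.example.com": "v=DKIM1; k=rsa; p=",
}

def make_sig(selector):
    """Constructed signature header value using the given selector."""
    return (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; "
            f"s={selector}; h=From:Date:Subject; bh=AAAA; b=BBBB")

SIG_APP1 = make_sig("cloudapp1")
SIG_APP2 = make_sig("cloudapp2")

if __name__ == "__main__":
    for sig in (SIG_APP1, SIG_APP2, make_sig("retired"), make_sig("unknown")):
        print(key_record_name(sig), "->", lookup_key(sig, ZONE))
```

Because each signature names its own selector, the two records never collide, and a selector whose record is missing or has an empty `p=` yields no usable key.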
Yes, you can have multiple DKIM records, TXT or CNAME-typed, on a single domain.
Multiple DKIM selectors and private/public key pairs are usually created for these reasons:
1. A domain uses multiple email delivery services to send emails, in which case multiple DKIM selectors and private/public key pairs must be used to separate these services.
For example, if you authorize both Mailchimp and Convertkit to send emails on your behalf, you need to have at least (usually more) 1 for Mailchimp and 1 for Convertkit. This way, the signing/verification servers can locate the correct key pairs.
2. Even if you are using only one email delivery service, having multiple selectors/key pairs is a best practice for security reasons. One needs to periodically change the key pairs to lower the risk of being compromised. This is known as “DKIM key rotation”.
When you create multiple DKIM records, you need to choose a selector that is unique across all DKIM records on that domain. This way, the use of a DKIM record doesn't interfere with that of another.
Refer to this post for more information: https://dmarcly.com/blog/what-is-dkim-selector-and-how-does-it-work-dkim-selector-explained