We’re excited to announce that we simplified the DomainKeys identified mail (DKIM) configuration process for Oracle Cloud Infrastructure (OCI) Email Delivery service. Now, you can quickly and accurately configure DKIM within minutes without needing to speak with Oracle Support.

Self-service DKIM key generation

As reputable senders understand, DKIM is an important part of email authentication, regardless of who you send through. It tells receiving mail servers and mailbox providers that the email that they’re receiving comes from a trusted source and is also required for setting up a DMARC policy.

Historically, obtaining a DKIM key through OCI required a service request for each approved sender defining a selector, and waiting for our support team to respond with the key. sender Some customers have thousands of approved senders.

With the new self-service functionality, you can set up a DKIM key once for your sending domain and associate it with all the approved senders of that domain, no matter how many approved senders are associated with it. The key also comes instantly.

You define the selector and the value returned is the required information to input into your domain’s DNS. These processes can happen within the OCI Console or programmatically using our API or command line interface (CLI).

Setting up

You can read more about the process of setting up DKIM with our documentation.

  1. Create the email domain if it doesn’t exist already.

  2. Configure the DKIM record.

  3. Add the DKIM record to your DNS setup.

  4. Activate the record.

  5. Set up approved senders.

Already configured DKIM for your approved senders?

You don’t have to do a thing. We can automatically provision your new email domains, associate the approved senders, and configure the same DKIM key for each so that your mail continues to be delivered without interruption.

Let’s talk about SPF

While you’re in your domain’s DNS setting up DKIM, don’t forget about setting up the sender policy framework (SPF) for your email domain. Another valuable form of email authentication, email receivers use SPF to detect email spoofing. Using SPF, an email receiver can check if the IP that they’re receiving email from is explicitly authorized to send for that domain.

SPF is implemented by inputting a single TXT record into your domain’s DNS that declares which hosts are allowed to send email on behalf of the domain. Receiving mail servers check the SPF records of sending domains to verify that the email’s source IP address is authorized to send from that domain.

Without SPF or DKIM, brands and companies open themselves up to spoofing attempts from bad actors looking to pretend they are a brand they are not, potentially costing the actual company thousands of dollars and trust.

Try out the SPF and DKIM Verification feature

Use our new SPF and DKIM verification feature within the OCI Console’s email domain page to confirm your DNS is configured correctly, as shown in the following screenshot.

A screenshot of the Email Domain Details page with the DKIM and SPK statuses outlined in red with a red arrow pointing to them.

When DKIM is set up and emails are being sent, you can also verify the signature is using the appropriate selector and is error-free by viewing the DKIM selector and DKIM signing error info field values in an outbound relayed log.

Conclusion

Setting up DKIM (and SPF) is imperative for delivering important emails to the inbox and for DMARC compliance. We’re setting you up for success by making it easy to configure and verify DKIM whether it’s in the Oracle Cloud Infrastructure Console, using our SDKs, or from the command line, so your email gets delivered.

If you’re not familiar with the importance of SPF or DKIM, check out the following blog posts:

  •