Four steps to setting up your DKIM record with Oracle Cloud Infrastructure Email Delivery

June 23, 2021 | 3 minute read
Josh Nason
Senior Email Delivery Consultant
Text Size 100%:

Any good onboarding journey from one email provider to another has several important stops. If you’re a new Oracle Cloud Infrastructure (OCI) Email Delivery customer and wondering where to start first, email authentication should always be your first stop.

If you’ve been sending with another cloud email provider, you likely know this information already, but if not, we explain why it’s important.

Email authentication plays a big part in your online reputation

Mailbox providers from the big ones (Gmail, Microsoft, and Yahoo) all the way down to local businesses who utilize anti-spam software rely on SPF, DKIM, and DMARC as the elements that determine whether your email makes it to the inbox or the spam folder. Authentication requires access to your sending domain’s DNS records. By adding SPF, DKIM, or DMARC, both mailbox and anti-spam providers can quickly verify the email being sent through your IP is coming from a trusted source and not by someone impersonating your brand.

This process isn’t just for OCI Email senders, but for any sender looking to send bulk, marketing, and transactional email. Providers are hit with so much spam that they can weed out a lot by verifying if the email that they’re receiving comes from an authorized source.

Not having DKIM set up correctly can cause issues with email going to the spam folder or being soft bounced, so ensuring it’s accurate before those first campaigns or receipts go out is important. DKIM authenticates email through a pair of cryptographic keys: A public key published in a DNS TXT record and a private key encrypted in a signature affixed to outgoing messages. The keys are generated by your email service provider like us. DKIM is also required if you implement DMARC, another form of email authentication.

The following instructions apply to OCI Email Delivery senders but are also applicable for sending through other providers.

Step 1: Confirm your sending domain and provider

To add a DKIM record, you need to determine what sending domain or subdomain that you want to set up DKIM for. For this exercise, we use Determine what email sending service provider or conduit you’re looking to authenticate. In this case, we use OCI Email Delivery.

If you send from different domains or subdomains, each requires their own DKIM record to be created. You can reuse selector records, however.

Step 2: Create a selector

Create a selector record for that domain, which acts as your public key. This record is unique to that domain and can be whatever you choose. For this example, we use 1234-oracle.

Step 3: Implement the record

If you’re using OCI for DNS, the example domain and selector record results in the following CNAME record for implementation: IN CNAME

If you’re using a non-OCI provider for DNS, they provide you with a TXT record to add to your CNAME record, which contains your public key.

How you implement this record can vary depending on whom you use to manage your DNS. Customers that use OCI for DNS can set up DKIM in the Console. Regardless, this process should be easy.

OCI uses standard 2048-bit encryption. With some DNS providers, you might need to make some configuration changes if 2048 is not their standard.

Following the publishing of the record and propagation time, your DKIM record is functional, providing a private key in sent emails that shows mailbox providers that email coming from that email provider is legitimate.

Step 4: Trust but verify

After everything is saved, it’s important to verify that your new DKIM record is set up correctly. You can most easily check through a third-party source, many of which are found easily with a web search for ‘DKIM check.’ All you need is the domain and selector record.

If you’re finding that the record isn’t showing up at all or is showing up incorrectly, it might not have propagated yet. After determining that no caching is taking place, review and ensure that you have the right selector and domain and that you’ve followed the instructions set out by your DNS provider.


Getting email to the inbox is important. Having DKIM on your sending domain/subdomain is an important way to help ensure your email’s journey is completed. If you’re not an Oracle Cloud Infrastructure Email Delivery customer, begin your journey today with a free trial.

Josh Nason

Senior Email Delivery Consultant

An email marketing veteran of more than a decade, Josh came to Oracle through the acquisition of Dyn. He currently works on both the Dyn and OCI Email Delivery teams, both assisting customers with email delivery issues and helping keep the network clean.

Previous Post

Announcing Oracle Support Rewards, making it even easier for customers to use Oracle Cloud

Clay Magouyrk | 3 min read

Next Post

Trust: Why Privacy and Data Science Need to Work in Tandem

Anna Chystiakova | 2 min read