Adding DKIM to Cloudflare is an email authentication technique that helps stop spammers and other malicious parties from impersonating a legitimate domain.

As part of our Server management service, Bobcares responds to all inquiries, big or small.

Let’s take a look at how our Support team explained the DKIM record and how to publish the DKIM record in CloudFlare.

Add DKIM to Cloudflare

A domain is the part of an email address that comes after the “@” symbol. When sending emails to carry out phishing attacks or other scams, spammers and attackers may attempt to impersonate a domain.

How does DKIM work?

DKIM has two main components: the DKIM record, which is stored in the domain’s DNS records, and the DKIM header, which is attached to all emails from the domain. It employs digital signature schemes based on public key cryptography to verify that an email originated from a server that sends emails from that domain. A private key is used by the sender to sign messages, and a public key is used by the receiver to verify signatures. A receiver cannot sign messages using the public key, and vice versa.

All emails from that domain include a DKIM header, which contains a section of data signed with the private key: this is referred to as a “digital signature.” An email server can examine the DKIM DNS record, obtain the public key, and then use the public key to validate the digital signature.

This procedure also ensures that the email was not altered in transit. The digital signature will not be validated if the email headers or body have been altered, much like a tamper-proof seal on a medicine canister.

What exactly is a DKIM record?

A DKIM record contains the DKIM public key, which is a randomised string of characters used to validate anything signed with the private key. Email servers look up the domain’s DNS records to find the DKIM record and public key.

A DNS TXT (“text”) record is actually a DKIM record. TXT records can hold any text that a domain administrator wishes to associate with their domain. DKIM is just one of the many applications for this type of DNS record.

Name

DKIM records, unlike most DNS TXT records, are stored under a specialised name rather than the domain name. DKIM record names are formatted as follows:

[selector]._domainkey.[domain]

The selector is a specialised value issued by the domain’s email service provider. It is included in the DKIM header to allow an email server to perform the necessary DNS DKIM lookup. The domain is the email domain name, and all DKIM record names include .domainkey. Email servers use the DKIM selector provided by the email service provider, not just the domain name, to look up the DKIM record.

Publish the DKIM record in CloudFlare.

1. Firstly, ensure that the DKIM record has been generated.
2. Then go to cloudflare.com and enter the credentials to access the dashboard.
3. Find the domain to which we want to add the DKIM record on the CloudFlare dashboard’s home page, then click it.
4. Then, as shown below, click the DNS button:
5. Now we’ll go to the DNS section and create a DKIM record for the domain.
6. Then, fill out the DKIM record settings.
7. Ascertain that the record type is CNAME, the name is s1. domainkey, where s1 is the DKIM selector, and the target is the CNAME record generated above.
8. Finally, select the Save option. We’ve now added the record.
9. Then, we can use our free DKIM record checker to verify the published DKIM record. Please keep in mind that the change we made in the previous step may take some time to propagate in the DNS; therefore, if we can’t find the record, wait up to 1 hour before retrying.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, DKIM, along with SPF and DMARC, makes impersonating domains much more difficult. So, emails that fail to pass DKIM and SPF are labelled as “spam” and are not delivered by email servers.