Roundcube Community Forum

 

Adding DKIM

Started by mattgod69, August 01, 2025, 11:40:56 AM


mattgod69

Hi

I am using Roundcube to route my emails for my domains and I am trying to get my emails signed with DKIM. I have generated the keys I need for the DNS records on my domain, but there is a private and a public key and I am not sure which one to use.

The website I generated the key on seems to suggest the private one is needed.  I have added this kid at the moment, but the DKIM has not yet been implemented (I know this is not instant and can take some time).

Does anyone know which record I should be using? Also, does anyone know how long this normally takes to run through the system, and finally, is there any way I can easily check if it has been applied to my DNS settings?

Many thanks in anticipation.

Matt

showfer

You put the private key in your email system so it can sign outgoing messages.  You put the public key in DNS so that anyone receiving email from you can verify the signatures.
The DNS entry is a TXT record such as newyork._domainkey.domain.tld.  You can have multiple "selectors" so that different departments can have their own DKIM keys.
Once you have signing and DNS set up, you can test it at places like https://dkimvalidator.com/ and https://aboutmy.email/ (and many others).

mattgod69

Thank you showfer... very helpful. Couple of queries... when you say the private key in my email system, do you mean MS Outlook? I can't see where you could add this info. I have currently put the private key in the Domain Settings (which is a TXT record) with my Hosting provider and that's it (so it will presumably apply to all emails within the domain). I think this is actually where you mean. I have just checked and the public key is 'inside' the private DNS key... so presumably anyone can see and generate the public key... or do I need to insert it somewhere as well? Many thanks. Matt

showfer

I would recommend not putting the DKIM key in DNS until you have your mail system set up to sign outgoing email.
Where you put the private key depends on which mail server you use. It doesn't go in Outlook, Thunderbird, Roundcube, or any of the other email clients.  It goes in the mail server, which is often something like Postfix or Exim, and probably provided by your hosting provider.  You can often log into your hosting control panel and paste the key into the appropriate place to get signing working.

mattgod69

Thanks again... does my website hosting company need to set to sign outgoing mail? They just told me to create the DNS record in my domain settings... which has been done, but can be deleted of course. I can't see where Postfix or Exim is in my control panel...

showfer

Did you give them the private key, or generate the keys in the hosting control panel? They might already have it and have installed it in the right place to turn on signing.  If you still have the public key in DNS then you could try DKIM Validator or About My Email to see if messages are being signed.
Your hosting control panel may well hide which mail server it is using to avoid confusing customers with product names.
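
An added example, not part of the original thread or any poster's code: a standard-library Python check that classifies the value of a `selector._domainkey` TXT record, so you can confirm DNS carries only the public key and not private-key material pasted by mistake. The function names and the sample records are assumptions constructed for illustration; the DER stubs have the right outer shape but are not real keys.

```python
import base64
import binascii

def parse_tags(txt):
    """Split a DKIM TXT value such as 'v=DKIM1; k=rsa; p=...' into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def inner_prefix(der):
    """First three bytes inside the outer DER SEQUENCE, or b'' if not a SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        return b""
    start = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)  # skip long-form length bytes
    return der[start:start + 3]

def classify_record(txt):
    """Say what kind of key material a _domainkey TXT value exposes."""
    if "PRIVATE KEY" in txt:                      # PEM armour pasted into DNS
        return "private-key-pem"
    tags = parse_tags(txt)
    if "p" not in tags:
        return "no-p-tag"
    if tags["p"] == "":                           # RFC 6376: empty p= means revoked
        return "revoked"
    try:
        der = base64.b64decode(tags["p"], validate=True)
    except (binascii.Error, ValueError):
        return "bad-base64"
    prefix = inner_prefix(der)
    if prefix == b"\x02\x01\x00":                 # INTEGER 0 = private-key version field
        return "private-key-der"
    if tags.get("k", "rsa") == "ed25519":         # RFC 8463: raw 32-byte public key
        return "public-key" if len(der) == 32 else "unexpected"
    return "public-key" if prefix[:1] == b"\x30" else "unexpected"  # SubjectPublicKeyInfo

# Constructed DER stubs with the right outer shape only; they are not real keys.
_PUB = base64.b64encode(bytes.fromhex("300a30030601000303000102")).decode()
_PRIV = base64.b64encode(bytes.fromhex("300c02010030030601000402abcd")).decode()
SAMPLES = {
    "public": f"v=DKIM1; k=rsa; p={_PUB}",
    "private_der": f"v=DKIM1; k=rsa; p={_PRIV}",
    "private_pem": f"-----BEGIN PRIVATE KEY-----\n{_PRIV}\n-----END PRIVATE KEY-----",
    "revoked": "v=DKIM1; p=",
}

if __name__ == "__main__":
    for name, txt in SAMPLES.items():
        print(name, "->", classify_record(txt))
```

If a published record classifies as private-key material, treat that key pair as compromised: remove the record, generate a new pair, and publish only the new public key.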