Setting DKIM and DMARC for your domain

Level: intermediate

 

Objective: 

Walk you through the necessary steps to set up DKIM and DMARC on your domain to protect it from spoofing attempts and prevent your emails from going into your clients’ junk folders.

 

Setting up DKIM and DMARC

DKIM and DMARC are two strategies that prevent domains from being hijacked by spoofing attempts. They involve making adjustments to your domain’s DNS records. If you’re using your own domain with your Hushmail account, you’ll want to set up DKIM and DMARC.

DKIM must be set up for DMARC to be effective, and we provide the steps to set up both records in this article. A good time to set up DKIM and DMARC is when you first activate your Hushmail account and you’re setting your MX records and SPF records.  

Here are the steps to setting up DKIM and DMARC:

 1. Sign in to the administrative console of your domain registrar 

Your domain registrar is where your domain name is registered and is usually the same site where you purchased your domain. This will be the same place where you update your MX records. If you need help identifying your domain registrar, you can type your domain into https://who.is/ to find out who it is. 

2. Look for where you can edit your DNS records

All registrars are a little different, but if you look for “DNS,” you should find the place on your registrar’s administrative console where you can edit your DNS records.

3. Add a TXT record for DKIM 

In the Host field of the record, type:

hush._domainkey

In the Value field of the record, type:

k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gu26tKsHf9OceZ9VKP7c+a03oMs95fUq3xhrYUMsOsJXTHwMfIjNMf8ZVNIGR7QoLIBXUj1STve9pLdHM7bI8Agd91Xsv1tEpXMb7t9EYI+sp6QFYD7jO1oeNHz0MBzemLsyJPQ8MGpuLi7k54G5hgTpaGGJDSR9sekoja+HocIgsF8GOBqjZn53PHBJWqmkr0ST5gX6lDse4yLNZ40rkKdDcTCYhJ7phKfYlR/6XgPgm9dXBGXZ+jKatW5VrL+uAOY6lhkbIADUCRaFAspHeE10qifG8Jf64mEP8ZgiyttK+zjGWNtlKtfpTpZTPJTF7MUoIvz2VlLJoMKHYZxkwIDAQAB

 

Note: The following video demonstrates adding a DKIM record in Squarespace. Your interface may look and behave slightly differently if you use a different provider.

dkim.gif

 

4. Save your changes

5. Add another TXT record for DMARC

In the Host field of the record, type the following:

_DMARC

In the Value field of the record, type the following:

v=DMARC1; p=quarantine; pct=100

6. Save your changes

Tip: If you’re getting an error like this:

“TXT records may not exceed 255 characters”

You can add 2 TXT records instead of 1 and split the DKIM as follows:

First TXT record:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gu26tKsHf9OceZ9VKP7c+a03oMs95fUq3xhrYUMsOsJXTHwMfIjNMf8ZVNIGR7QoLIBXUj1STve9pLdHM7bI8Agd91Xsv1tEpXMb7t9EYI

Second TXT record:

sp6QFYD7jO1oeNHz0MBzemLsyJPQ8MGpuLi7k54G5hgTpaGGJDSR9sekoja+HocIgsF8GOBqjZn53PHBJWqmk+r0ST5gX6lDse4yLNZ40rkKdDcTCYhJ7phKfYlR6XgPgm9dXBGXZ+jKatW5VrL+uAOY6lhkbIADUCRaFAspHeE10qifG8Jf64mEP8ZgiyttK+zjGWNtlKtfpTpZTPJTF7MUoIvz2VlLJoMKHYZxkwIDAQAB

 

 

Next steps: 

If you’d like to know more about DKIM and DMARC, you will find helpful information in our blog post What you need to know about spoofing. 

Customer Care will also be happy to answer your questions. 

 

Resources: 

SPF Records

MX records