This article provides a detailed overview of DomainKeys Identified Mail (DKIM) and how to configure it. It also covers a few troubleshooting scenarios and possible steps to resolve them.


What is DKIM?

Domain verification is a mandatory check if you are using the default Freshdesk server for email communication. You can perform domain verification via DomainKeys Identified Mail (DKIM) and ensure that your business is compliant with Domain-based Message Authentication, Reporting, and Conformance (DMARC), which includes an SPF check within the DKIM records. This makes your organization capable of authenticating the communication between you and your customers.


Why is DKIM required?

DKIM generates a signature, which is attached to the message while in transit, to verify the authenticity of the message source. This signature is associated with the organization’s registered domain name. On reaching the destination, if the message has a valid signature, the email source is verified. 


Hence, no one can send emails impersonating your organization, and support emails sent by Freshdesk on your behalf will not be marked as spam. DKIM also authenticates incoming emails as valid in Freshdesk.

DKIM plays a crucial role in enhancing email security, establishing sender legitimacy, and ensuring better email deliverability by reducing the chances of emails being marked as spam or phishing attempts.

The benefits of using DKIM are:

  • Email Authentication: DKIM verifies and ensures that the content of an email message has not been tampered with during transmission. This helps recipients trust the authenticity of the sender.
  • Sender Reputation: Implementing DKIM can positively impact the sender's reputation. Email service providers use DKIM as a factor to determine whether incoming emails are legitimate or spam.
  • Reducing Spoofing and Phishing: DKIM helps prevent attackers from impersonating legitimate senders, reducing the possibility of phishing attacks and email spoofing.
  • Improved Deliverability: Email messages signed with DKIM are more likely to bypass spam filters and reach recipients' inboxes, as it adds an extra layer of credibility to the sender.
  • Domain Reputation: DKIM contributes to the overall reputation of a sender's domain, influencing the possibility of successful email delivery.
  • Third-Party Services: Many email services and platforms require DKIM authentication for sending emails on behalf of a domain. Without DKIM, emails from these services might be treated as suspicious or rejected by recipients' email systems.


Note: Though DKIM (DomainKeys Identified Mail) verification is not specifically required for a custom email server in Freshdesk, we still recommend configuring DKIM for your own DNS at your end. This ensures enhanced email security and helps prevent spoofing and phishing attacks.


How to configure DKIM?

Before proceeding with DKIM setup, you need to first update your DNS records with the Freshdesk domain key so that it can be located and used for verifying signatures. The UI and terminology might change across different domain registrars, but the essential setup will be similar.




To configure DKIM:

  1. Log in to your Freshdesk account as an admin.
  2. Go to Admin > Support Channels > Email Settings > Advanced Settings > Configure DKIM.
  3. Copy the system-generated settings (4 CNAME records) to publish in your DNS server/domain provider’s account. This is a one-time configuration step per domain name.
     


Note: If you have the same records for other applications, contact Freshdesk Support. If you use GoDaddy, remove the domain name (under 'Host Value') before verifying the records inside Freshdesk. We will also need access to your Freshdesk account as an occasional agent to raise new records.


To update your DNS records with the Freshdesk domain key (in your domain registrar):

  1. Log in to your domain registrar’s control panel with the credentials used to register your domain name.
  2. To change the DNS records, locate and click on the option called Manage DNS, Name Server Management, DNS Management, or Advanced Settings.
  3. Look for an option to create a CNAME record.
  4. Add the values copied from your helpdesk into the new CNAME record.
  5. Repeat the above steps for each domain in the case of multiple domains. For example, support@tripto.com and billing@tripto.com require only a single setup; however, if you have support@tripto.com and billing@holidayto.com, you need to set up DNS verification individually for both emails.
  6. Once you complete the setup, verify it in Freshdesk.
    Go to Admin > Email > Advanced Settings > Configure DKIM, expand the domain settings, and click Verify to make sure that the DNS settings are published correctly.

 
Note: There could be a delay (maximum 48 hours) for verification. Once verified, the admin will receive an email.

 

How to check DKIM verification status?

An email is sent to the account admin when the verification is complete. One email is sent for each configured domain name. To know the verification status, go to the DKIM Settings. You can check the status of the DKIM verification:

  • Green check mark: Indicates that the DNS is verified.
  • Red cross mark: Indicates that the DNS is unverified.



Troubleshooting DKIM Issues

  1. General Issues
  2. DKIM Verification issues
  3. DKIM records not found


General Issues

  • If you get a '404' error while configuring DKIM, contact Freshdesk support at support@freshdesk.com with a screenshot of the error.
  • To remove your DKIM settings, click Remove against each domain. This removes the CNAME records for that domain.
  • If you wish to add new records/domains for DKIM, contact support@freshdesk.com with your Freshdesk URL and plan details.
  • If the DKIM records are unique and valid but not verified yet, contact your DNS host or contact us at support@freshdesk.com with your DNS host in the loop.
  • If you receive a 'Domain verified in other account' error message, remove the records you have added for the account, exit the page, and then add the values again. If the issue persists, write to support@freshdesk.com with a screenshot of the error displayed.

DKIM Verification issues

  1. Records not matching:
    There may be instances where certain characters are missing or extra characters are added in the DNS compared to what is displayed in Freshdesk. In such cases, the DKIM verification in Freshdesk may fail. Ensure that there are no spaces in the DNS record.
  2. Avoid spaces in the CNAME record:
    Ensure that there are no spaces before or after any of the characters in the CNAME record.
  3. Records not published:
    Even if the DKIM records are correctly added to the DNS, they may not be published. To verify if the records are published, perform a CNAME lookup with the CNAME record. A published CNAME record should look like this:

  4. DNS configuration with certain providers like GoDaddy:
    When using specific DNS providers like GoDaddy, it is not necessary to repeat the domain when adding the host value in the DNS.
    For example, if the CNAME record has the host 'fwdkim1.sauls.com' and the value 'spfmx1.domainkey.freshemail.io',
    enter only 'fwdkim1' in GoDaddy, as it automatically adds the domain to the record. If you add 'fwdkim1.sauls.com' directly in GoDaddy, it will be added as 'fwdkim1.sauls.com.sauls.com', causing the validation to fail.
  5. Overlapping DKIM record values for the same email domain:
    When the same email domain is added to multiple Freshdesk accounts or multiple Freshdesk products, there may be overlapping DKIM record values. To address this, ensure that only a single entry is made in the DNS. It is not necessary to duplicate the same entry in the DNS, even if the values overlap. However, make sure that a single entry containing all the values from both accounts is added to the DNS and published for successful verification in Freshdesk.
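
The checks in items 1 to 4 above can be scripted. The following is an added example, not Freshdesk tooling: it compares one host/value pair copied from Freshdesk against what DNS returns and names the failure. The function names, the example.org/example.net entries and the constructed SAMPLE_DNS data are assumptions; live lookups assume the `dig` utility is installed.

```python
import subprocess
from typing import Callable, Optional

# Constructed sample zone data (name -> CNAME target). The first pair is the
# article's example; the example.org / example.net entries are made up.
SAMPLE_DNS = {
    "fwdkim1.sauls.com": "spfmx1.domainkey.freshemail.io.",
    "fwdkim1.example.org.example.org": "spfmx1.domainkey.freshemail.io.",
    "fwdkim1.example.net": "other.example.net.",
}

def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.rstrip(".").lower()

def dig_cname(name: str) -> Optional[str]:
    """Live lookup with `dig +short CNAME`; None if no record is published."""
    out = subprocess.run(["dig", "+short", "CNAME", name],
                         capture_output=True, text=True, timeout=10).stdout
    answers = out.split()
    return answers[0] if answers else None

def sample_resolve(name: str) -> Optional[str]:
    """Offline resolver backed by the constructed SAMPLE_DNS table."""
    return SAMPLE_DNS.get(normalize(name))

def diagnose(host: str, value: str, zone: str,
             resolve: Callable[[str], Optional[str]] = dig_cname) -> str:
    """Classify one CNAME entry as copied from the helpdesk (host -> value)."""
    # Items 1 and 2: stray spaces pasted into the host or value field.
    if any(ch.isspace() for ch in host + value):
        return "whitespace"
    host, value, zone = normalize(host), normalize(value), normalize(zone)
    target = resolve(host)
    if target is None:
        # Item 4: the full host was typed into a field that appends the zone,
        # so the record exists under host + "." + zone instead.
        if resolve(f"{host}.{zone}") is not None:
            return "doubled-domain"
        return "not-published"          # item 3
    return "ok" if normalize(target) == value else "mismatch"

if __name__ == "__main__":
    want = "spfmx1.domainkey.freshemail.io"
    for zone in ("sauls.com", "example.org", "example.net", "example.com"):
        print(zone, diagnose(f"fwdkim1.{zone}", want, zone, sample_resolve))
```

Omit the `resolve` argument to query real DNS for your own records; run the check once for each of the four CNAME records.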


DKIM records not found

If DKIM records are not available for configuration in the Advanced Email Settings, you can perform the following steps:

  1. Verify if a custom support email domain is set up: 
    Check if a custom support email domain is set up under the Admin → Email section. It is important to ensure that the domain exists.
  2. Verify the status of the email domain: 
    Ensure that the email domain is verified. This means that the domain ownership and configuration have been successfully verified.
  3. If the above checks are satisfied but the domain is still not available, contact support@freshdesk.com.