Note: DKIM is not applicable if you have a custom mailbox.
Domain verification is a mandatory check if you are using the default Freshdesk server as the email communication method. To perform domain verification, we now support DKIM (Domain Key Identified Mail) thereby being DMARC (Domain-based, Message Authentication, Reporting, and Conformance) compliant, which includes SPF check within the DKIM records, making your organization capable of authenticating the communication between you and your customers.
DKIM generates a signature, which is attached to the message while in transit, to verify the authenticity of the message source. This signature is associated with the organization’s registered domain name. On reaching the destination, if the message has its signature validated, then the source of the mail is verified. Hence no one can send emails impersonating your organization and support emails sent by Freshdesk on your behalf will not be marked as spam. DKIM also authenticates the incoming emails to be valid in Freshdesk as well.
A quick guide to setting up DKIM in Freshdesk
To set up DKIM you need to first update your DNS records with the Freshdesk domain key so that it can be located and used for verifying signatures. The UI and terminology might change across different domain registrars but the essential setup would remain more or less the same. Follow the procedure below to spoof proof your support emails:
- Login to your Freshdesk account as an admin.
- Go to Admin > Support Channels > Email Settings > Advanced Settings> Configure DKIM.
- Copy the system generated settings (4 CNAME records) to publish in your DNS server/domain provider’s account. This is a one-time configuration step per domain name.
Note: In case you have configured the same records for other applications, please feel free to reach out to Freshdesk Support. If you are using GoDaddy, remove the domain name (under 'Host Value') before verifying the records inside Freshdesk. We'll also need access to your Freshdesk account as an occasional agent to raise new records.
To update your DNS records with the Freshdesk domain key (In your domain registrar):
- Login to your domain registrar’s control panel with the credentials used to register your domain name.
- To change the DNS records, locate and click on the option called Manage DNS, Name Server Management, DNS Management, or Advanced Settings.
- Look for an option to create a CNAME record.
- Add the values copied from your helpdesk into the new CNAME record.
- The above steps have to be repeated individually for each domain in the case of multiple domains. For eg: firstname.lastname@example.org and email@example.com will require only a single setup but firstname.lastname@example.org and email@example.com will require a repeat of the setup individually for both emails.
- Once you have completed the setup, you need to verify it in Freshdesk. Under Admin → Email → Advanced Settings → Configure DKIM, expand the domain settings, and click on Verify to make sure that the DNS settings are published correctly.
Note: There could be a propagation delay (maximum 48 hours) for verification. Once verified, the system will send an email to the Admin stating that the DNS settings were verified for the particular domain.
After verification (In Freshdesk):
- Once DKIM is verified for a particular domain, a tick/cross against the DNS settings will indicate the status.
- An email is sent to the account admin when the verification is complete in the backend. One email is sent for each domain name you have configured.
- To remove your DKIM settings, click on Remove against each domain, which will remove the CNAME records for that domain.
- In any case, you wish to add new records/domains for DKIM, feel free to write to us at firstname.lastname@example.org with your Freshdesk URL and plan details.
Here is a quick video on setting up and verifying DKIM