DKIM for externally hosted domain + Opalstack mail

pjrobertson

I want to set up DKIM for a domain that's externally hosted, but is using Opalstack for Webmail.

I've followed the instructions at: https://help.opalstack.com/article/50/managing-domains which says:

If you're using external name servers with your domain and are using Opalstack's SMTP to send mail, then be sure to create a TXT record at your external NS containing your domain's DKIM public key.

But what subdomain should I use for the DKIM TXT record? I have multiple email providers for this domain, (so multiple DKIMs under e.g. s1._domainkey.MYDOMAIN.com, amazonses._domainkey.MYDOMAIN.com), so what should the Opalstack one be?

Perhaps just default._domainkey.MYDOMAIN.com? Or something else? Can that guide be updated with more detail?

Thanks

sean

pjrobertson The name to use is dkim._domainkey.MYDOMAIN.com.

I've updated the docs to include that info, apologies for the omission.

Note that most other providers have you specify the "name" part of DNS records as just the subdomain, so in those systems the name will be dkim._domainkey.

pjrobertson

sean Great, thanks Sean for the quick response. I actually just sent a test message and saw the DKIM signature as:

v=1;
a=rsa-sha256;
c=relaxed/relaxed;
d=MYDOMAIN.com;
s=dkim;
t=1619750730;
[snip]

Which shows the domain is dkim as you say (s=dkim) - great!

This works for me, but I see the generic name dkim could potentially collide with other providers if they use the same name. It's probably a big ask, but for future-proofing, it might be worth using something more unique like opalstack or something.