Domain Keys is a domain level email authentication mechanism, to verify the authenticity of the emails generated from your domain, based on the DNS records of your domain. Domain Keys provide you the advantage to add a unique digital code to the email headers that generate from valid servers, which your domain approves, authenticating every outgoing email generated through the particular servers. Domain Keys combine a Public- Private key combination, that authenticate the outgoing emails, based on the public keys published in your domain's DNS.
Steps to enable Domain Keys for your domain:
You can enable DomainKeys for your domain from the Zoho Mail's control panel, after creating the required text record in your domain's DNS manager. The Domain Keys involves three stages, generation of unique domain key value for your domain in Zoho Mail, creation of the text record with that value in your DNS, validating and enabling the domain keys in Zoho Mail.
Generating Unique Domain Key in Zoho Mail.
- Log in to mail.zoho.com as Super Administrator.
- Click Control Panel >> Org Settings
- Select DomainKeys tab to enable DomainKeys for your domain.
- Select the domain name for which you want to generate Domain Keys.
- Provide a 'selector' name in the text box. The selector name is an identifier, use specifically for Zoho Mail. Ex: zoho
- Click Generate to populate the text box with the domain key text.
- Copy the entire text value.
Creating TXT Record in DNS Manager.
- Login to your domain's DNS Manager and create a text record in your DNS with the name <zoho>._domainkey.<domainname>
- In the text record, provide the entire value you copied from the text field and save the file.
- Save the TXT record in the DNS Manager.
- You can check the validity of the Domain Key using this third party link.
Enabling Domain Keys.
- Once you have validated the TXT record, click 'Start authentication'. The text record will be validated and if the text record entry for the domain is valid, then the domain keys will be enabled for the domain.
- If the test results are successful, remove the text t=y from the text value and save the TXT record again (t=y denotes test mode).
- In case you do not require the Domain Keys, you can disable the Domain Key for your domain, but only after you remove the TXT record added in the DNS.
- If needed, you can also regenerate another public key for your domain and enable it to create a new set of Domain Keys for your domain, by replacing the TXT record.
Benefits of adding Domain Keys for a domain:
The Domain Key validation helps in identifying the following:
- The email address listed in the 'From' line is valid.
- The domain listed in the 'From' line is authorized and has actually sent the email.
- The email content has not been altered since creation/ sending.
- The email is not spoofed, to make it appear to be from the particular domain address.
Hence if the Domain Keys are valid, the recipients can trust that the email is actually from the email address listed, and is not spoofed.