Email Domain Verification
Why verify your email domain?
Administrators use the Account Settings page to send emails from Zoho Sign using their company's email address. This can help companies improve the authenticity and credibility of their message. However, when a third-party service like Zoho Sign sends out an email on your behalf, there's a chance that these emails may be considered spoofing, phishing attempts and marked as spam by the recipients email services based on their DMARC (Domain-based Message Authentication Reporting and Conformance) policy. To handle situations like this, we have introduced email domain verification in Zoho Sign using DomainKeys Identified Mail (DKIM) method.
What is DKIM?
DKIM is an email authentication method that helps companies take responsibility of their message in transit, and mailbox providers to check the source of each message using cryptographic techniques. For each email, DKIM will attach a signature during the transmission to verify the authenticity of the message source. This way, companies can prevent spammers from sending out emails impersonating them, and enable third-party services to send emails on their behalf without them being marked as spam.
How DKIM works in Zoho Sign?
- A public key will be published as a TXT record for your domain's DNS Manager, and every outgoing email from Zoho Sign will have a signature attached to its header, generated using the private key of your domain.
- Your recipient's email server will check the email header of each message with the public key stored in your DNS record every time.
- This will help email services to verify your domain ownership.
- Emails will land in the spam folder of your recipient's mailbox if this verification failed.
For example, if email@example.com is sending a document to firstname.lastname@example.org using Zoho Sign, the email from John will have a signature added to its header (generated using the private key of the domain-zylker) and the public key of the domain - zylker will be already published as a TXT record in the zylker's DNS Manager. Mark's email server will validate the email's legitimacy with John's email header and the public key stored in John's DNS record. If the verification is successful, the email sent by John will land into Mark's inbox.
For more information, refer to the FAQ section on DKIM configuration. To verify your email domain ownership using DKIM in Zoho Sign, you need to complete the three steps as mentioned below:
This step is necessary for Zoho Sign to recognize your domain, and generate a key (hostname, value) for that domain.
- Navigate to Settings > Account settings > Email domain verification status.
- Click Verify now.
- Enter your domain name. For example, if your email is email@example.com, the domain name you'll have to enter is zylker.com.
- Click the Generate Key button. This will generate a hostname and value.
In this step, you need to publish your domain's public key as a TXT record in your DNS Manager. Every outgoing email from Zoho Sign will have asignature added to its header generated using the private key of your domain. Your recipient's email server will validate emails sent from Zoho Sign using the public key published in your DNS record.
- Login to your DNS Manager.
- Select the TXT Method tab in the Domain Verification page.
- Create a TXT record in your DNS with the title as the hostname. For example, zoho._domainkey.zylker.org should be the name of the TXT record if that was the hostname provided.
- In the TXT record value, paste the content you copied from the Value field in Zoho Sign.
- Save the TXT record in the DNS Manager.
- Go to Zoho sign and click the Next button in the step-2 (Add TXT record)
- Ensure you have completed adding the TXT record in the DNS Manager.
- Click the Verify Domain button.
- If the entry has been added correctly, your domain would be marked as verified and emails sent from Zoho Sign will be signed and verified using the key pairs.
- You should not remove this TXT record from your domain hosting console as long as you continue to use that email address in Zoho Sign. If not your email domain will be marked as not verified again and your emails may land in spam.
Important note: It will usually take few hours for your domain to get verified based on the TTL (Time To Live) value in the TXT record.