Smailor DKIM setup (DNS)
Smailor signs outgoing mail with a DKIM key we operate. You publish a TXT record on your domain so receivers can verify those signatures.
What you need to know
- One selector (hostname under _domainkey) and one public key payload are shown for your domain in the app.
- The private key never leaves Smailor’s systems; do not generate or paste a private key in DNS.
Who does what
| Role | Action |
|---|---|
| You | Add the DKIM TXT (or follow the exact host/value the dashboard copies for you). |
| Smailor | Keeps signing keys, rotates them when needed, and shows verification status after DNS propagates. |
Add the DNS record
For a domain example.com, the dashboard will give you something like:
- Type: TXT
- Host / name: smailor._domainkey.example.com (exact value comes from Smailor)
- Value: v=DKIM1; k=rsa; p=... (full string from the app)
Important
- Do not split or alter the p= value unless your DNS provider requires fixed-length chunks (some UIs paste one long line, others split into quoted segments — both are fine if the concatenated key matches).
- No extra quotes inside the record content unless your provider’s format requires them.
- After saving, wait a few minutes and tap Verify DNS on the domain’s Deliverability tab.
Verification in Smailor
- Open Settings → Domains → your domain.
- Go to Deliverability.
- Click Verify DNS.
Typical propagation: minutes to a few hours; rare cases take up to 24–48 hours.
Message you can reuse internally
Your IT team can paste the values straight from Smailor. If you summarize in email:
Add this DKIM record (exact host and value are in Settings → Domains → Deliverability):
Type: TXT
Host: [copy from Smailor — ends with ._domainkey.yourdomain]
Value: [copy full v=DKIM1; ... from Smailor]
FAQ
Q: Do I generate my own DKIM key?
A: No. Smailor provisions signing; you only publish the public record we display.
Q: Is it safe if the public key material looks similar to other senders’ docs?
A: The public key is meant to be world-readable. Security depends on the private key staying on our side.
Q: Verification fails but the record looks correct
A: Wrong host (subdomain vs apex), propagation delay, or the provider truncated the key. Compare byte-for-byte with the dashboard and try a DNS lookup tool from another network.
Q: Key rotation
A: If we rotate keys, the dashboard will show updated records. Add the new TXT, wait for verification, then remove old selectors only when the product tells you they are retired.
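The byte-for-byte comparison suggested under "Verification fails but the record looks correct", together with the split-segment rule from the Important list, can be scripted. This is an added example, not Smailor's own code; the function names and sample values are constructed for illustration, and it assumes the published record is pasted in as a lookup tool prints it (quoted segments):

```python
import base64
import binascii
import re

def join_txt(rdata: str) -> str:
    """Concatenate the quoted character-strings of a TXT answer (as verifiers do)."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    joined = "".join(parts) if parts else rdata.strip()
    return re.sub(r"\\(.)", r"\1", joined)  # undo presentation-format escapes

def parse_tags(record: str) -> dict:
    """Parse 'v=DKIM1; k=rsa; p=...' into a dict; whitespace inside values is dropped."""
    tags = {}
    for item in record.split(";"):
        name, sep, value = item.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags

def compare_dkim(published_rdata: str, dashboard_value: str) -> list:
    """Return the problems found; an empty list means the published key matches."""
    record = join_txt(published_rdata)
    problems = []
    if '"' in record:
        problems.append("literal quote characters inside the record content")
    pub = parse_tags(record.replace('"', ""))
    want = parse_tags(dashboard_value)
    if pub.get("v") != "DKIM1":
        problems.append("v=DKIM1 tag missing or altered")
    got_p, want_p = pub.get("p", ""), want.get("p", "")
    if got_p != want_p:
        if got_p and want_p.startswith(got_p):
            problems.append(f"p= truncated at {len(got_p)} of {len(want_p)} characters")
        else:
            problems.append("p= differs from the dashboard value")
    else:
        try:
            base64.b64decode(got_p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

# Constructed sample data: 294 arbitrary bytes standing in for a 2048-bit key (not a real key).
SAMPLE_P = base64.b64encode(bytes(i % 256 for i in range(294))).decode()
DASHBOARD = f"v=DKIM1; k=rsa; p={SAMPLE_P}"
SPLIT = f'"{DASHBOARD[:255]}" "{DASHBOARD[255:]}"'   # provider split into 255-byte chunks
TRUNCATED = f'"{DASHBOARD[:255]}"'                    # provider kept only the first chunk
DOUBLE_QUOTED = '"\\"' + DASHBOARD + '\\""'           # value pasted with its own quotes
```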
See also
- Email setup — SPF and DMARC context
- Add a domain — full onboarding flow