×

Want to Search?

Go here

Switch Language

English Nederlands

Contact Us

Get Help Give feedback

I am a Zivver admin

Configure and manage Zivver

DKIM

DKIM verifies that the domain owner authorized the email that the sender sent from that domain.

With DomainKeys Identified Mail (DKIM) Zivver can take responsibility for a message. In this process, a recipient can verify that message. Zivver generates a public key in the Zivver DNS settings in the admin portal. Then, Zivver signs the emails with a private key so that the receiving mail servers can verify the email.

DKIM key rotation

The DKIM key rotation feature allows administrators to maintain secure email authentication by generating new DKIM keys when needed. Organizations with a strong security posture apply a policy that requires DKIM keys are rotated every 1 or 2 years. Zivver recommeds this practice. Use this feature from the domain detail page to create a new key pair, then update your DNS with the new public key to complete the rotation.

Warning

Refreshing the DKIM key can temporarily break ‘Send from own domain’ for secure messages, until the new key is published in the DNS. If recipient mail servers have cached the old DKIM key, validation may fail until the cache expires. We advise to set a short TTL when applying the related DNS changes. You can reload the domain detail page in the Zivver admin console and check the ‘on’ flag for Zivver DKIM to see if the new value is propagated.

For DLP Gateway customers, the impact is greater: users that need to send a message unsecurely through the Zivver web app, will be blocked as DKIM signing is required for these messages.

We advise DLP gateway customers to carefully review the frequency of rotation, as well as the timing, given the impact described above. In other words: Rotate when absolutely necessary and during periods of zero email traffic. Use at your own risk.

Procedure

  1. Go to the Domains page.
  2. Log in with your administrator credentials.
  3. Click the button next to the domain for which you want to rotate the DKIM key.
  4. Under the Send from own domain section, expand the DKIM section.
  5. Click the button.
  6. Click the button in the TXT Record field to copy the new DKIM key.
  7. Go to your DNS management panel and update the existing TXT record with the new DKIM key.

Updated on 2025-05-14