Description
This article explains the procedure for administrators to configure the DKIM feature in Email DLP.
Notes
- The content of this article is based on product specifications as of June 2026 and is subject to change without notice.
- For instructions on how to access the Email DLP Administration, please refer to the following article.
  [Email DLP] How to log in to the Administration
- Please refer to the following article for an overview and FAQs regarding DKIM.
  [Email DLP] About DKIM
Procedure
Activate DKIM
- Access [Tenant Settings] - [DKIM Settings] in the Email DLP Administration.
- Click [+ Add new selector].
- When the [Create DKIM Selector] window appears, enter the following information.
  - [Selector Name]: Enter any value that meets the following conditions.
    * Allowed characters: Alphanumeric characters a-z, 0-9, dot (.), hyphen (-)
    * Maximum length: 63 characters
    * Other conditions: Must start with a lowercase letter.
  - [Key Length]: Select either [1024 bits] or [2048 bits].
    For enhanced security, we recommend issuing with a key length of 2048 bits.
    If you cannot set a key length of 2048 bits due to DNS string length limitations, please issue with a key length of 1024 bits.
- The generated record will be displayed. Add it to your DNS as a TXT record.
  * By default, the TXT record value includes the test mode tag (t=y;). If you are using it in actual operation, please uncheck [Include test mode tag] before copying.
  * If you want to activate DKIM records for multiple domains including subdomains (e.g., sub.example.com), you need to add this TXT record to the DNS of each target domain.
  * The method for adding TXT records to your DNS server may vary depending on the server. For details, please check with your DNS server provider.
- Open Command Prompt (Windows) or Terminal (macOS), run the command, and confirm that the value of the TXT record you set is displayed.
  <For Windows> * Please use Command Prompt.
      nslookup -type=TXT <selector name>._domainkey.<added domain> 8.8.8.8
  Example output
      C:\Windows\system32>nslookup -type=TXT <selector name>._domainkey.<added domain> 8.8.8.8
      Server: dns.google
      Address: 8.8.8.8

      Non-authoritative answer:
      <selector name>._domainkey.<added domain>. text = "v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3<omitted>dPx4QIDAQAB"
  <For macOS> * Please use Terminal.
      dig +short @8.8.8.8 <selector name>._domainkey.<added domain> txt
  Example output
      dig +short @8.8.8.8 <selector name>._domainkey.<added domain> txt
      "v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3<omitted>dPx4QIDAQAB"
- After registering the TXT record in DNS, click [Activate].
- Enter the domain name to register DKIM in [Domain Name] and click [Activate].
  To register multiple domains, click [+ Add new domain] to add more fields.
  * For instructions on how to add domains to an existing selector, please refer to the following article.
    Add domains to an existing DKIM
Check DKIM Activation Status
Perform the following steps for all domains where DKIM has been activated.
- In the Email DLP Administration, go to [Tenant Settings] - [DMARC Application Status].
- Click the domain where DKIM has been activated to view the details.
- Confirm that the status of [DKIM] is "Enabled".
Verify DKIM
When you newly register DKIM, follow the steps below to disable test mode and perform operation testing.
* If you are newly introducing Email DLP, please disable test mode and perform operation testing after Email DLP connection is complete.
Disable Test Mode
Check the TXT record set on your DNS server and remove "t=y;" from the DKIM value.
* No action is required in Email DLP. (The TXT record displayed in Email DLP is a sample record.)
After deleting the tag, check the status again in Check DKIM Activation Status.
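The checks this procedure asks for (selector naming rules, test mode tag removed, key length as selected) can be run against the TXT answer returned by dig or nslookup. The following is an added example, not part of the original article or the product. The function names, the 2048-bit default and the constructed sample record with a filler modulus are assumptions. It also joins records that DNS returns as several quoted strings, which happens with 2048-bit keys because a single TXT string is limited to 255 characters.

```python
import base64
import re

# Selector rules as stated on this page: a-z, 0-9, dot, hyphen; first char a-z; max 63.
SELECTOR_RE = re.compile(r"[a-z][a-z0-9.-]{0,62}")

def tlv(buf, pos):
    """Return (value_start, value_end) of the DER element that begins at pos."""
    first = buf[pos + 1]
    n = first & 0x7F if first & 0x80 else 0    # long form: the next n bytes hold the length
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
    return pos + 2 + n, pos + 2 + n + length

def rsa_bits(p_b64):
    """Modulus size in bits of the RSA SubjectPublicKeyInfo carried in the p= tag."""
    der = base64.b64decode(p_b64)
    seq, _ = tlv(der, 0)                       # outer SEQUENCE
    _, alg_end = tlv(der, seq)                 # AlgorithmIdentifier, skipped
    bitstr, _ = tlv(der, alg_end)              # BIT STRING wrapping the key
    key, _ = tlv(der, bitstr + 1)              # +1 skips the unused-bits octet
    m0, m1 = tlv(der, key)                     # modulus INTEGER
    return int.from_bytes(der[m0:m1], "big").bit_length()

def parse_txt(answer):
    """Join the quoted strings of a dig/nslookup answer and split them into tags."""
    value = "".join(re.findall(r'"([^"]*)"', answer))
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def check_record(selector, answer, want_bits=2048):
    """Return findings; an empty list means nothing was flagged."""
    findings = []
    if not SELECTOR_RE.fullmatch(selector):
        findings.append("selector name violates the naming rules")
    tags = parse_txt(answer)
    if "y" in tags.get("t", "").split(":"):
        findings.append("test mode tag t=y is still set")
    bits = rsa_bits(tags["p"]) if tags.get("p") else 0
    if bits < want_bits:
        findings.append(f"key is {bits} bits, expected {want_bits}")
    return findings

# Constructed sample: structurally valid 1024-bit key with a filler modulus, not a real key.
SAMPLE_DER = bytes.fromhex("30819f300d06092a864886f70d010101050003818d0030818902818100"
                           + "c5" * 128 + "0203010001")
SAMPLE = '"v=DKIM1; k=rsa; t=y; p=%s"' % base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    print(check_record("s1", SAMPLE))
```

Pass `want_bits=1024` when the 1024-bit option was selected because of the DNS string length limitation.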
Operation Test
- [Email DLP] Operation Test (Microsoft 365) - [Check Email DLP DKIM Settings]
- [Email DLP] Operation Test (Google Workspace) - [Check Email DLP DKIM Settings]