DKIM Keys are similar to passwords, and best practices state that you should replace your DKIM keys if you feel that:

  • The keys may have been compromised
  • Keys are shorter than 1024 bits
  • Keys are older than 1 year
  • The DKIM best practice - rotate your keys quarterly. 

  1. Log in to Client Admin Portal

  2. Select the Outbound SMTP Service you wish to Rotate by clicking it, then click the Edit icon to edit the domains DKIM


  3. To start the rotation  of the DKIM Key click the link below the current DKIM  records


    Next click the Generate new key button which will create a new Next Key for you. The Live Key will stay active until the new record is validated

  4. vHRRg_Jn1d2ZEeFsEKiPBRcA6Vy4E8Tftw.png


  5. Then update the DKIM TXT records via your DNS provider and verify the DKIM record in the DuoCircle with the Next Key records that have been generated


  6. Click the Retry DKIM Check button to verify the TXT record has been updated


  7. Once verified you will need to click the green Rotate Now button to make the new Key active

  8. You will then see the green verified label for the DKIM record

  9. The last step is to Turn on Signing for DKIM


  10. You will now see the Verified label on both the SPF and DKIM on the configuration page


  11. You will also see the status of your sending domain on the Sender Domains & DKIM configuration page


NOTE: DKIM does not need to be Enabled in order for the domain to be considered Valid. As long as the DKIM is verified domain should be able to send mail.


How to verify your SPF and DKIM records

Configuring DKIM, turning on and off signing your DKIM records