DKIM Keys are similar to passwords, and best practices state that you should replace your DKIM keys if you feel that:

  • The keys may have been compromised
  • Keys are shorter than 1024 bits
  • Keys are older than 1 year
  • The DKIM best practice - rotate your keys quarterly. 


  1. Log in to Client Admin Portal

  2. Select the Outbound SMTP Service you wish to Rotate by clicking it, then click the Edit icon to edit the domains DKIM

    k_0VungmS7kaePS6K4km-eYvGFscXFqP_Q.png


  3. To start the rotation  of the DKIM Key click the link below the current DKIM  records

    A5yevktMbpiCuWGutEH-D_0RQKzVAmJOBQ.png


    Next click the Generate new key button which will create a new Next Key for you. The Live Key will stay active until the new record is validated

  4. vHRRg_Jn1d2ZEeFsEKiPBRcA6Vy4E8Tftw.png

     

  5. Then update the DKIM TXT records via your DNS provider and verify the DKIM record in the DuoCircle with the Next Key records that have been generated

    HBV5YnTbiDAYllYUGRls9yID3MFj7DrWzQ.png


  6. Click the Retry DKIM Check button to verify the TXT record has been updated

    nQgzwaPsgEZZWokZTNbHFAcBToe3Y3TndA.png


  7. Once verified you will need to click the green Rotate Now button to make the new Key active

  8. You will then see the green verified label for the DKIM record

  9. The last step is to Turn on Signing for DKIM

    crxczfMmP7WoUvZxwDJ27KPgW6Z735_6BA.png

  10. You will now see the Verified label on both the SPF and DKIM on the configuration page

    Y7IFeKdB82zQoWPD9MNSsXJaZyzADShT5Q.png


  11. You will also see the status of your sending domain on the Sender Domains & DKIM configuration page

    KELNl5-doxl5PRlWu-jBGD5dXeNvaNfP7A.png


NOTE: DKIM does not need to be Enabled in order for the domain to be considered Valid. As long as the DKIM is verified domain should be able to send mail.

 

Resources:
How to verify your SPF and DKIM records

Configuring DKIM, turning on and off signing your DKIM records