SAP will validate the DKIM Key Check and proceed with the activating the profile.
Product Information
DKIM Key Activation for Business Emails in SAP Business ByDesign(ByD)
This Blog will help you to understand the DKIM Key Activation Process for sending the Business Emails from your sender domains.
- SAP has changed the e-mail infrastructure used for business e-mails sent from SAP Business ByDesign (ByD).
- The new e-mail infrastructure supports Domain Keys Identified Mail (DKIM), which allows you to digitally sign your business e-mails.
- Business Mails ARE – e-mail messages sent through Ticket, Account, Appointment, Visits, Sales Quote, Workflow notification, etc. are all referred to business e-mail scenarios.
Follow all of the following steps, one by one.
Step 1: Customer to open an incident with SAP ByD Support to request the DKIM key
Request DKIM Key Activation for sending the Business Emails:
Please create an incident to SAP Cloud Support team from your respective SAP Business ByDesign(BYD) tenants providing the below-mentioned details.
Subject: Request to enable DKIM for Business Mails.
Content: Sender Domain address details that are used from your tenant to relay Business Mails (Example: example.com for scenarios like Tickets, Visits, Sales Quote, etc.).
NOTE 1 – Please provide the complete list of domains in case if you have multiple domains or subdomains used in your SAP Cloud for Customer/SAP Business ByDesign for relaying business mails.
NOTE 2 – A common key is generated if there are multiple domains.
NOTE 3 – It is recommended and best practice to not use the domains that are not signed with DKIM key for relaying mails from your ByD tenant, as there are possibilities they might be classified as SPAM by some recipient servers.
NOTE 4 – The key that will generated and provided to you is meant for your production and test environment as well(i.e.: the key is independent of the ByD tenant).
Step 2: SAP will provide DKIM Key and selector details to customer
Once the Incident is created with above details, SAP Support Team will validate this request and generate the DKIM Key(Text Record with Key Size – 2048 Bit).
After generating the DKIM Key, SAP Support Team will send the incident back to Customer with the below details:
-
- DKIM Key(Text Record).
- Selector details
Step 3: Customer maintains DKIM Key in customer DNS
Once customer has the details of DKIM Key and Selector, they need to create DKIM TXT record(s) in their DNS servers using given selector name for their domains.
Step 4: Customer validates DNS entry by executing a check on a dedicated website
Once the DKIM record is created in the customer DNS Server, They need to validate the DKIM check from their end with the below steps
-
- Go to https://dkimcore.org/tools/keycheck.html
- Enter Selector
- Enter Domain
- Click on check
Step 5: If check returns “This is not a good DKIM key record. You should fix the errors shown in red.”, customer to correct configuration until check returns “This is a valid DKIM key record”
Step 6: Important!: Customer to return incident back to SAP for SAP to be able to activate the DKIM profile for customer
If it gives Green Check(as shown below)Please send the incident back to SAP Support team.
IMPORTANT NOTE:
-
- IF BUSINESS EMAILS ARE NOT RECEIVED TO YOUR INBOX POSSIBLE REASON COULD BE DKIM PROFILE ACTIVATION WAS NOT DONE FOR THOSE DOMAINS.
- YOU NEED TO SEND INCIDENT BACK TO SAP SUPPORT FOR THE FINAL ACTIVATION OF DKIM PROFILE.
- ONLY THEN YOUR BUSINESS EMAILS CAN LEAVE YOUR COMPANY AND CAN BE RECEIVED BY THE INTENDED RECIPIENTS.
Important Notes:
- The Service Request takes approximately 2 weeks of time for enabling and implementing.
- In case if you have multiple domains, please mention all the domains name, and only one key is provided by default for all the domains. Maintain the same DKIM key for all the domains.
- When maintaining the record as TXT record in the DNS server, there should not be any space or it shouldn’t be maintained in paragraphs.
- The record should be maintained as a single line.
- Given selector should be used.
- DKIM Activation for sending the Business Emails is activated based on the domains and customer not based on the tenants.
- Only one DKIM Key and one Selector will be generated for a customer, it applies to all of your tenants.
- If you fail to enable the DKIM Key for the sender domains used in SAP Business ByDesign system, Server will block the e-mails and emails will not be received in the recipient inbox.
- If the DKIM activation is already done previously, and in near future if you come up with another set of domains which you want to enable with the DKIM Key, for this scenario, you need to maintain the previously provided DKIM key and create incident to SAP Support requesting us to add the new domains to previous list. NOTE: In order to activate DKIM validity check needs to be done.
- Once your IT/DNS team updated the DKIM Key in the DNS Server, however upon validating the DKIM entry you see validity check failed. The reason would be your team didn’ maintained the DKIM Key correctly or maintained with wrong format. If you reach SAP Support team to seek help, It may not be helpful as we from SAP may not know how your DNS server is maintained and we may not be experts in the DNS side as it depends on DNS provider settings. So please Connect with your DNS experts to update the records correctly.
Further you can also refer the below links:
Next-Generation Cloud Delivery transition – New Business ByDesign E-mail Infrastructure
DKIM Enablement for Sender Domains – ByD
—————————-
Ex: Let’s say your domain is example.com and SAP generated the
Selector:
byd-busi-myxxxxxx
DKIM Key:
v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB………..
Format to maintain the Host in your DNS is byd-busi-myxxxxxx._domainkey.example.com
If you have come up with new domain in the future. For the new domain you need to maintain the same selector and DKIM Key. Selector format will be byd-busi-myxxxxxx._domainkey.newdomain.com
—————————-
Regards,
Ankit K
Hello Ankitkumar,
Nice and very helpful blog.
Let me ask, if after activating DKIM key there are still some e-mails delivered as junk mail, is anything else to do?
Thanks,
Hello Lluch,
Thank you for your comment.
I would suggest you to align with your IT/Network team to investigate and validate is their any IP whitelisting activities are performed in your network and verify the SPF records are updated in your network correctly.
Also check which domains are activated and which emails are ending in junk folder.
Regards,
Ankit K
Hello Ankitkumar Kaneri,
Thanks for the good blog.
In the Imptant Note of your post, 'When maintaining the record as TXT record in the DNS server, there should not be any space or it shouldn’t be maintained in paragraphs.'
I have a question for you.
After registering TXT RECODE in DNS for DKIM, an error occurred and I looked up the record.
The existing DNS server was using SPF. When registering SPF and DKIM in TXT RECODE to additionally set DKIM this time, it should be maintained without spaces or paragraphs, but is an error occurring because it is divided into paragraphs?
Add a photo for reference.
Hello Jiyeon Yoo,
Is it possible for you to create an incident for the same and mention my name in the incident and we will connect over the call to discuss and will try to help you with this.
Regards,
Ankit K