Skip to Content
Product Information
Author's profile photo Ankitkumar Kaneri

DKIM Key Activation for Business Emails in Cloud for Customer(C4C) & Business ByDesign(BYD)

This Blog will help you to understand on the DKIM Key Activation Process for sending the Business Emails from your sender domains.

  • SAP has changed the e-mail infrastructure used for business e-mails sent from SAP Business ByDesign (ByD) & Cloud for Customer(C4C).
  • The new e-mail infrastructure supports Domain Keys Identified Mail (DKIM), which allows you to digitally sign your business e-mails.
  • Business Mails – e-mail messages sent through Ticket, Account, Appointment, Visits, Sales Quote, Workflow notification, etc. are all referred to business e-mail scenarios.

Request DKIM Key Activation for sending the Business Emails:

Please create an incident to SAP Cloud Support team from your respective SAP Cloud for Customer(C4C)/SAP Business ByDesign(BYD) tenants providing the below-mentioned details.
Subject: Request to enable DKIM for Business Mails.
Content:
Sender Domain address details that are used from your tenant to relay Business Mails (Example: example.com for scenarios like Tickets, Visits, Sales Quote, etc.).
NOTE 1 – Please provide the complete list of domains in case if you have multiple domains or subdomains used in your SAP Cloud for Customer/SAP Business ByDesign for relaying business mails.
NOTE 2 – A common key is generated if there are multiple domains.
NOTE 3 – It is recommended and best practice to not use the domains that are not signed with DKIM key for relaying mails from your C4C/ByD tenant, as there are possibilities they might be classified as SPAM by some recipient servers.
NOTE 4 – The key that will generated and provided to you is meant for your production and test environment as well(i.e.: the key is independent of the C4C/ByD tenant).

Below are the Execution steps for enabling DKIM Key:

  1. Once the Incident is created with above details, SAP Support Team will validate this request and generate the DKIM Key(Text Record with Key Size – 1024 Bit).
  2. After generating the DKIM Key, SAP Support Team will send the incident back to Customer with the below details:
    • DKIM Key(Text Record).
    • Selector details
  3. Once customer has the details of DKIM Key and Selector, they need to create DKIM TXT record(s) in their DNS servers using given selector name for their domains.
  4. Once the DKIM record is created in the customer DNS Server, They need to validate the DKIM check from their end with the below steps
    1. Go to https://dkimcore.org/tools/keycheck.html
    2. Enter Selector
    3. Enter Domain
    4. Click on check
  5. If it gives Green Check(as shown below)Please send the incident back to SAP Support team.
  6. SAP will validate the DKIM Key Check and proceed with the activating the profile.

Important Notes:

  • The Service Request takes approximately 2 weeks of time for enabling and implementing.
  • In case if you have multiple domains, please mention all the domains name, and only one key is provided by default for all the domains. Maintain the same DKIM key for all the domains.
  • When maintaining the record as TXT record in the DNS server, there should not be any space or it shouldn’t be maintained in paragraphs.
  • The record should be maintained as a single line.
  • Given selector should be used.
  • DKIM Activation for sending the Business Emails is activated based on the domains and customer not based on the tenants.
  • Only one DKIM Key and one Selector will be generated for a customer, it applies to all of your tenants.
  • If you fail to enable the DKIM Key based sending the Emails for your domains from SAP via incident, possibly your emails may end up in SPAM folder or Server may reject the Emails or Block the Emails and Emails will not be received by the recipient inbox.
  • If the DKIM activation is already done previously, and in near future if you come up with another set of domains which you want to enable with the DKIM Key, for this scenario, you need to maintain the previously provided DKIM key and create incident to SAP Support requesting us to add the new domains to previous list. NOTE: In order to activate DKIM validity check needs to be done.
  • Once your IT/DNS team updated the DKIM Key in the DNS Server, however upon validating the DKIM entry you see validity check failed. The reason would be your team didn’ maintained the DKIM Key correctly or maintained with wrong format. If you reach SAP Support team to seek help, It may not be helpful as we from SAP may not know how your DNS server is maintained and we may not be experts in the DNS side as it depends on DNS provider settings. So please Connect with your DNS experts to update the records correctly.

Further you can also refer the below links:

Migration to new Outbound Email Infrastructure

New Business ByDesign E-mail Infrastructure and Policies

DKIM Enablement for Sender Domains – ByD

—————————-

Ex: Let’s say your domain is example.com and SAP generated the

Selector:

c4c-****-myxxxxxx-example-com for C4C

byd-****-myxxxxxx-example-com for BYD

DKIM Key:

v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB………..
Format to maintain the Host in your DNS is c4c-****-myxxxxxx-example-com._domainkey
If you have come up with new domain in the future. For the new domain you need to maintain the same selector and DKIM Key. Selector format will be c4c-****-myxxxxxx-example-com._domainkey.newdomain.com
—————————-

Regards,

Ankit K

Assigned Tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Lluch Homs
      Lluch Homs

      Hello Ankitkumar,

      Nice and very helpful blog.

      Let me ask, if after activating DKIM key there are still some e-mails delivered as junk mail, is anything else to do?

       

      Thanks,

      Author's profile photo Ankitkumar Kaneri
      Ankitkumar Kaneri
      Blog Post Author

      Hello Lluch,

      Thank you for your comment.

      I would suggest you to align with your IT/Network team to investigate and validate is their any IP whitelisting activities are performed in your network and verify the SPF records are updated in your network correctly.

      Also check which domains are activated and which emails are ending in junk folder.

      Regards,

      Ankit K

      Author's profile photo Jiyeon Yoo
      Jiyeon Yoo

      Hello Ankitkumar Kaneri,

       

      Thanks for the good blog.

      In the Imptant Note of your post, 'When maintaining the record as TXT record in the DNS server, there should not be any space or it shouldn’t be maintained in paragraphs.'
      I have a question for you.

      After registering TXT RECODE in DNS for DKIM, an error occurred and I looked up the record.

      The existing DNS server was using SPF. When registering SPF and DKIM in TXT RECODE to additionally set DKIM this time, it should be maintained without spaces or paragraphs, but is an error occurring because it is divided into paragraphs?

      Add a photo for reference.

       

       

      Author's profile photo Ankitkumar Kaneri
      Ankitkumar Kaneri
      Blog Post Author

      Hello Jiyeon Yoo,

      Is it possible for you to create an incident for the same and mention my name in the incident and we will connect over the call to discuss and will try to help you with this.

      Regards,
      Ankit K