How to set up DKIM on Cloudflare
This is a quick guide on how to set up DKIM on Cloudflare — including Amazon SES DKIM.
I use Amazon SES for all my emailing. It makes it trivially cheap… pennies on the dollar compared to most other email systems.
But this affordability comes at a cost — I have to do quite a bit of set-up.
So, if you’re wondering how to set up DKIM on Cloudflare — here’s a quick guide.
DKIM on Cloudflare — an Overview
Firstly, what does DKIM do, and why do you need it? I’ll explain this briefly.
DKIM is one of those important things to set up. It stands for… something, it doesn’t matter. What’s important is what DKIM does.
DKIM says “Hy this random server somewhere is allowed to send emails on behalf of hooshmand.net and it’s totally legitimate.” That’s what DKIM does. It’s an authenticity certificate for email.
Setting up DKIM is a slightly confusing process as everyone has a different email system and DNS provider. I had to do a bit of experimenting to get it to work between SES and Cloudflare, which is why I’m publishing this.
Cloudflare is, for hobbyists, essentially free edge caching and security for websites around the world. To get Cloudflare to work, you have to use it as your DNS provider.
So here’s how to use Cloudflare’s DNS settings to configure DKIM.
Step 1. Get the DKIM settings (from Amazon, etc.)
Get the DKIM settings from your web services account. For me, this is Amazon SES.
In Amazon SES console, go to “Identity” and “Domains”.
Look at the settings. There should be three entries that you have to add to your DNS provider for DKIM to work.
Step 2. Add the settings in your Cloudflare account
Two things to note
- Add only the stem of the domain.
- Choose DNS Only.
On adding the stem of the domain: You get a record that will look something like abcd123498usdflkajsdfals._domainkey<strong>.yourdomain.com</strong>
.
You want to omit the boldface parts (.yourdomain.com
), and put in just abcd123498usdflkajsdfals._domainkey
as the name of the record (no quotes).
For the content, paste the whole content, all the way through to “amazonses.com
.
It’s really important to choose DNS only, and not Proxied. If you choose proxied, your DKIM setup will fail.
Step 3. Wait a (little) while.
You normally have to wait up to 72 hours for DKIM to propagate.
In reality, it’s usually between a few hours and a day. Sometimes (like the last time I did it) it’s just a few minutes. It’s unpredictable.
You’ll probably get an email saying your DKIM setup was successful.
But in my experience, more than a few hours and you’ve likely done something wrong.
Like this article? Drop me a line and say thanks.