Set up a Custom DKIM Signature set-up-a-custom-dkim-signature

In order to ensure top-notch deliverability, we automatically sign all outbound mail with a shared Marketo DKIM signature.

You may need the help of your IT team to complete some of the steps in this article.

You can personalize the DKIM signature to reflect the domain(s) of your choice. Here’s how.

  1. Go to the Admin section.

    note note
    If you set up a custom DKIM signature the old-fashioned way, it will continue to work and should show up here.
  2. Click Email.

  3. Click the SPF/DKIM tab, then Add Domain.

  4. Enter the domain you’ll be using in Marketo emails as the From Address. Choose a Selector and a Key Size. Click Add when done.

    table 0-row-2 1-row-2 1-width-20% 4-width-20% html-authored no-header
    Selector A unique string/identifier that's used to locate the public key portion of the DKIM record. It can be an arbitrary string, or a a unique identifier to separate out and identify the purpose of that DKIM key/record.
    Key Size The level of security you want your DKIM signature to be encrypted with.
    note tip
    • We recommend a Key Size of 2048.
    • If you use a different domain in your From Address, we’ll use the Marketo shared DKIM signature.
    note important
    If you need to update either the DKIM Selector or DKIM Encryption Size for your domain, you must delete your existing record and republish the newly generated record with the new values.
    Please note that when doing so, DKIM will not be signed for your domain until your new record is published and validated by our system. Plan your change accordingly, as it can take 24 to 48 hours before the new DKIM record is fully propagated across the internet.
  5. Send the Host Record and TXT Value to your IT. Ask them to create the record for you and make sure it propagates to all nameservers associated with the from domain. Marketo’s DKIM verification requires that the DKIM key is propagated to all nameservers associated with the domain being DKIM-signed.

  6. Once they confirm they’ve created the record, come back to Marketo, select your domain, and click Check DNS.

    note note
    If the confirmation fails and your IT has created the record correctly, it may be a matter of DNS propagation. Try again later.
    note caution
    Modifying/removing the corresponding DNS record will result in harmed deliverability. Make sure to delete the entry in Marketo before making DNS changes.

    This will absolutely help with your email deliverability. You should get validation that the record is there and correct.