To enhance security for outgoing email and improve deliverability, the DKIM standard adds an encrypted signature to the header of all outgoing messages. Email servers that receive signed messages use DKIM to decrypt the message header and verify the message was not changed after it was sent.
This article explains how to use the Message Center API to generate DKIM keys that can be stored in your DNS provider so that all transactional emails sent by VTEX can be recognized as legitimate.
These instructions only apply if the sender is set up using VTEX mail servers. If you use your own SMTP provider, you need to enable DKIM in your mail server.
DKIM endpoint
post https://{accountName}.{environment}.com/api/mail-service/pvt/providers/:EmailProvider/dkim
{accountName}should be replaced with your store account name (e.g. cosmetics2){environment}should be replaced with the environment you are using (e.g. vtexcommercestable):EmailProvidershould be replaced with the configured email address (e.g.help@valdie.co)
See the Message Center API reference for more details.
Generating a DKIM key for your domain
Before you have set up a sender in Message Center using VTEX mail servers, this is the expected response from the DKIM endpoint:
_10{_10 "status": "emailNotFound",_10 "dkimKeys": null_10}
Once the sender has been set up, you should receive an email from Amazon Web Services requesting you to authorize the configured email address to use Amazon SES.
Clicking the confirmation link provided in the email body verifies you are the owner of the configured email address. This is required for the mail server to send mail on your behalf. Until this is done, this is the expected response from the DKIM endpoint:
_10{_10 "status": "emailNotVerified",_10 "dkimKeys": null_10}
Once you have clicked the confirmation link, test your SMTP configuration by clicking the ✅Test button, as shown in the image below.
After clicking ✅Test button, you should receive an email from the VTEX mail server using the sender you selected. The email message sent follows the Message Center template messageservice_teste_email, which can be customized as in the image below.
If you do not receive any messages, review your sender configuration and try again.
Once you have correctly set up a sender in Message Center using VTEX mail servers, you should get a response similar to the one below from the DKIM endpoint:
_10{_10 "status": "created",_10 "dkimKeys": [_10 "'n4zbltwizctxpgcmqrars4bmfdd3zlyo._domainkey.valdie.co','CNAME','n4zbltwizctxpgcmqrars4bmfdd3zlyo.dkim.amazonses.com'",_10 "'sq3iae4be52fhqq3wm44btttvndeecfv._domainkey.valdie.co','CNAME','sq3iae4be52fhqq3wm44btttvndeecfv.dkim.amazonses.com'",_10 "'n4z5g2g7yfy4pnhjklfesxrrkt4o2ha4._domainkey.valdie.co','CNAME','n4z5g2g7yfy4pnhjklfesxrrkt4o2ha4.dkim.amazonses.com'"_10 ]_10}
Adding the public key to your DNS records
Now that you have generated a DKIM key for your domain, you need to add the values listed in dkimKeys in your DNS records. Read the documentation for your domain name for specific instructions on how to do that, but this is the general flow:
- Sign in to the management console for your domain host.
- Locate the page where you update DNS records.
- Add a TXT record corresponding to your DKIM keys.
- Save changes.
In up to 72 hours, all settings will be applied automatically, and our servers will start adding a DKIM signature to all outgoing messages.