DKIM and "Selector" Settings

I apologize in advance for any stupidity and will submit separate questions on other aspects of this to get rid of the dreaded yellow flag.
I see Cloudflare has a wizard for DKIM. The terminology they use in the first blank box is “selector.” My domain provider says they don’t know what a “selector” key is and call it a “value.” Also, all of the examples on the web show selector._domainkey etc.
However, my provider provided me with “dkim.domainkey etc.”
Is that what I should enter on Cloudflare or should I use “selector._domainkey…etc”?
Also the text they supplied on other stuff had no quotation marks. I assume I get rid of those quotation marks in the DKIM text, right, otherwise I will break the Internet???
As I understand it, get one piece of the text wrong and you mess up your email.
I will have other questions later on using the SPF wizard.
My provider wants to know why they want my ipv6 and ipv4 addresses since they are associated with my Internet provider, and not them, or Cloudflare. I am not sure which numbers to use, quite frankly, after talking with my provider, since I got so many conflicting answers and do not want to create a bad rule which will blow up my house.
Again, as the dumbest person on Cloudflare I apologize in advance for my stupidity.
I wish there was ONE place on Cloudflare I could go to get a walkthrough on this.
Maybe there is and I missed it.
Thanks smart people!!!

So, the selector is arbitrary but needs to be whatever your provider says it should be. So if they tell you it will be dkim._domainkey.blabla then the selector is dkim. You don’t need to enter the _domainkey part in the Cloudflare setup wizard thingy.

For the content it should be pasted in exactly as they provide. Failing to remove the quotation marks won’t break the internet (in fact, it will still work).

For SPF, the ipv4 and ipv6 addresses aren’t of your home computer; they should be the addresses of your mail server. However, again, this should be exactly what your provider says it should be. It’s possible that all they need you to do is reference their domain, in which case you can just leave the IP address field blank.

For both cases, if you can share the exact instructions they provided, we can be more specific, and, one hopes, avoid blowing up your house.

Hey thanks,

this is what they said to put in the first block before the block where you post all the text.

Other Host
dkim._domainkey.[domain].net

So it looks like I DO have to type domainkey after the first underscore?

As for the ipv4, I know, I know. I tried to explain that Cloudflare is a proxy but they kept pointing me to my computer and my computer. I gave up. They wouldn’t give me the ipv4 and ipv6 to use, they said it comes from Cloudflare and Cloudflare makes it clear it does not. (I am 3 hours on the help desk at this point.)

So you are saying I can leave it blank and just put the domain??? :)

AND, if I just do the DKIM thing, will that call off the Gmail authenticating dogs or do I need to do all of it, DKIM, SPF, DMARC (I think that’s it) and the other stuff too???

Thanks SO MUCH for your help. I really appreciate it!!

No, in the setup wizard you can just enter dkim without the rest. If you were creating the DNS entry manually then you would need to include the other part.

For SPF it does need to contain your mail server address. If they don’t know what to tell you to put, then perhaps they don’t have SPF set up themselves. So, presumably you have a mail server (SMTP) that you use to send mail? You can use that address directly by looking up the name to obtain the ipv4 and ipv6 addresses. If you don’t know how to do that, post the mail server address and I can look it up for you and tell you what to enter.

The internet is full of people trying to get their email delivered to Gmail (and even more so for Microsoft, which is even more troublesome). My recommendation is to have DKIM, SPF, DMARC, TLS, and reverse DNS (you have no control over the last two things, that’s up to your provider) and they do seem to prefer having a restrictive SPF/DMARC policy. IP address and domain “reputation” enter into it as well.

Hey There, still a little confused.

Let’s say my domain is bubblebaths [dot] com

In the first “block” on the DKIM page at Cloudflare, are you saying I enter:

a.) dkim._domainkey.bubblebaths dot com

or

b.) dkim._bubblebaths dot com

or just dkim?? (That is what it seems like you just said.)

Surely it can’t be just dkim, that has no unique identifier. When I enter that and see the preview, that is all there is. It does not autopopulate. It has to be more of a “header” than just dkim.

Sorry!!!

Would it hurt to enter in a.) which is explicitly what my provider told me to enter, or is that causing a fatal redundancy??? I am trying to find that other information you asked for.

Bear with me and thanks so much for your help.

If dkim is the selector your host gave you–if they said the DNS entry should be dkim._domainkey.bubblebaths.com – then yes, you just enter dkim there. The preview below should automatically be adding ._domainkey to what you enter. You’ll notice if you type the _domainkey part yourself, the preview will show it twice, and that would be bad.

The “selector” can be anything, but you have to use what the host set it to. It could be ilovechocolate if they wanted. The fact that they chose dkim does make it sound like it’s “part of the protocol” but it’s just a name that could be anything, and that’s called a “selector”.

Then in Content you just paste in what they gave you.
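The selector handling described in the reply above, as an added example that is not part of the thread and is not Cloudflare's or the mail provider's code. The function names are hypothetical, the key value is a placeholder, and the wizard is assumed to append `._domainkey.<zone>` to whatever is typed, as the reply states.

```python
import re

LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def selector_from_host(host_value, zone):
    """Selector to type into a wizard that appends ._domainkey.<zone> itself."""
    name = host_value.strip().strip('"“”').rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    if name.endswith("." + zone):          # provider gave the full record name
        name = name[: -len(zone) - 1]
    if name.endswith("._domainkey"):       # fixed label, not part of the selector
        name = name[: -len("._domainkey")]
    labels = name.split(".")
    if "_domainkey" in labels:
        raise ValueError("_domainkey appears twice in %r" % host_value)
    if not all(LABEL.match(label) for label in labels):
        raise ValueError("not a usable selector: %r" % name)
    return name

def record_name(selector, zone):
    """Full DNS name that receivers query for the public key."""
    return "%s._domainkey.%s" % (selector, zone.rstrip(".").lower())

def clean_dkim_value(pasted):
    """Drop wrapping quotes, join split strings, check the v= and p= tags."""
    parts = re.findall(r'"([^"]*)"', pasted)
    value = "".join(parts) if parts else pasted.strip()
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("unexpected v= tag: %r" % tags["v"])
    if not tags.get("p"):
        raise ValueError("no public key in p= tag")
    return value, tags

if __name__ == "__main__":
    # Constructed sample input; the key material is a placeholder, not a real key.
    host = "dkim._domainkey.bubblebaths.com"
    sel = selector_from_host(host, "bubblebaths.com")
    print(sel, "->", record_name(sel, "bubblebaths.com"))
    print(clean_dkim_value('"v=DKIM1; k=rsa; p=PLACEHOLDERKEY"')[0])
```
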

Ok I can try that thanks! I thought it would need my domain as part of that header but if you are an expert I will just go with that. I assume it will not “break anything” or make my email undeliverable if for some oddball reason it does want more than what you instructed? I am just confused at them for telling me that is what I should use as a “value” if that is not correct. So you are saying Cloudflare’s software makes it clear to the outside world that THIS selector DKIM “selector” refers to my domain and I don’t have to make that part of the “equation” in the first box under the Selector? How does it make a “unique identifier” with just that generic info?

Anyway, I found a site called DNS watch, entered my domain, used Mx drop down, grabbed the server domain, entered that, used the A record search and came up with a number with 3 digits, 2 digits, 3 digits, 3 digits. According to the YouTube I watched, that is the number I use as my IP address.

When I used the cmd prompt example from the same video and pinged my smtp server, I got another number (same for mail and smtp) which was 3 digits, 3 digits, 2 digits, 2 digits.

I have no idea which is which and what is what, but that is what the YouTube said to do at DNS watch and manual pinging and I got 2 different answers.

Thanks for your guidance! Maybe I will get there!!

The domain is being added automatically as part of the created DNS entry.

Your MX and SMTP addresses are not necessarily going to be the same. What you need for SPF is the addresses of the server that will be sending mail from your domain, which is what you would put into your mail program, for example. But you’re going to want both the ipv4 and ipv6 addresses. Again, if you want to post that SMTP server name I can look it up for you.

Hello There Again!

Well I was on the phone with Network Solutions for a long while this morning, and my head was spinning more when I got off. I could not seem to get an answer that made sense to me. My first question to them: what are my ipv4 and ipv6 addresses from your server since you handle my email? I was told I had to log in to my account and look at view DNS. There I saw a number which is listed on my Cloudflare account dashboard as the “A” Record of email settings. They said “Your IPv4 and ipv6 record is the same.” Which makes no sense to me.

Then they pointed me to these two websites, maybe you are using one: What’s My DNS dot net and DNS watch dot info. (Which you may be using.)

So in DNS watch (showing same results as other site):

I put in my website and select A record. It shows Dilbert and Tori and below that TWO numbers listed for A, which Network Solutions says is the ipv4.

If I toggle to AAAA (ipv6) I get two more numbers.

Is that what Cloudflare is looking for?

This seems to be associated with Cloudflare so they should already know it, right?

If not, what IS the website where I plug in my smtp server name and what is it I am trying to locate that is not on DNS watch? In other words, armed with the “server name” where would YOU go to look it up. I want to try it myself so I understand all of this. (To be utterly redundant, Network Solutions says the only “email server IP info we have is in the DNS records which is actually one number, and is listed as A in my MX records.” That is what they said.)

By server name, do we mean smtp.[domain?] ??

When I PING the smtp on my computer at netsol server I get a different set of numbers, not what I see when I log in and look at “view DNS.” That shows the number on my MX records, which, again, Cloudflare already has. And again, Network Solutions says that is all the info they have, they don’t have anything else.

So, I have come full circle.

If I go to DNS watch and retrieve the numbers I just stated above is THAT what Cloudflare is looking for, and why? If they already have them?

If not, and I am going to the wrong website, which different website do I go to to “look it up” and what are they looking for, if it is different than what I found?

And is Cloudflare looking for BOTH numbers listed under A and AAAA records if you type in your domain in DNS watch?

Sorry if I am causing headaches, I just want to know how all this works so I can be more self-reliant next time.

Thank you so much for your time and patience with me. This is like trying to learn a new language for me. A language in which every word can mean 10 different things.

I just submitted a detailed response about my email settings which for some odd reason were blocked by Akismet and is now being reviewed by a staff member. Mmmmmmmm. I am just asking a question.

Well, until it shows up, here is a SHORT version.

What is the website YOU are going to to look up the ipv4 and 6 and what would YOU be entering? By server name do you just mean smtp dot domain???

Are you going to DNS watch or another site??? I want to enter whatever it is myself I am supposed to enter. I just spent a long time on the phone with Network Solutions and got nowhere.

If the response I just sent which is now in admin limbo ever shows up you will see why I am utterly confused. But I don’t want to retype it.

So I guess, again, short version, what is the website you could go to to look it up and what would you enter, and what would you be looking for?

Again, sorry, but thanks for your help.

None. I would use command-line tools to directly do the DNS lookups. Get the addresses of the mail server, and check what if any SPF record they already have set up, and from that piece together what your SPF record should be.

It’s a simple question for any email provider, what your SPF record should be, and they should have a stock answer for it, as they are the only ones who can answer it. Failing that, I can try to work out what it should be, and beyond that, am pretty much at the end of what I can do to help. You should be coming here armed with the needed information, and only need help to know how to enter that information into Cloudflare. It’s puzzling that an email service provider can’t answer this simple question.
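The "piece together what your SPF record should be" step from the reply above, as an added example that is not part of the thread. Function names are hypothetical, `spf.mailhost.example` and the addresses are constructed placeholders from documentation ranges, and the default `-all` policy is an assumption; the DNS lookups themselves are done separately and their results passed in.

```python
import ipaddress

# Ranges that identify a home LAN or the local machine, never a public mail server.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7")]

def existing_spf(txt_records):
    """Return the one SPF record among a name's TXT strings, or None."""
    found = []
    for txt in txt_records:
        value = txt.strip().strip('"')
        if value.lower().split(" ")[0] == "v=spf1":
            found.append(value)
    if len(found) > 1:
        raise ValueError("multiple v=spf1 records; a domain must publish only one")
    return found[0] if found else None

def build_spf(sender_ips=(), include_domains=(), policy="-all"):
    """Assemble an SPF TXT value from sending-server IPs and/or provider includes."""
    if policy not in ("-all", "~all"):
        raise ValueError("policy must be -all or ~all")
    terms = ["v=spf1"]
    for raw in sender_ips:
        ip = ipaddress.ip_address(raw)      # ValueError on a malformed address
        if any(ip in net for net in LOCAL_NETS):
            raise ValueError("%s is a local address, not the mail server" % ip)
        terms.append("ip%d:%s" % (ip.version, ip))
    # "Reference their domain": the provider's own SPF record is pulled in by name.
    terms += ["include:" + d.rstrip(".").lower() for d in include_domains]
    if len(terms) == 1:
        raise ValueError("list at least one sending source")
    return " ".join(terms + [policy])

if __name__ == "__main__":
    # Constructed lookup results for the outgoing (SMTP) server, A and AAAA.
    print(build_spf(["192.0.2.25", "2001:db8::25"]))
    print(build_spf(include_domains=["spf.mailhost.example"], policy="~all"))
```
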

Bingo. It is puzzling.

I sent them a detailed email stating that and what I have found out so far, and have asked to have a tech manager call me on Monday. I will see what I can get. If I am still stumped at that point I will reach out again but do not want to wear out the welcome mat. When you say address of the email server can you tell me exactly what I should provide you with, because this is new for me. Do you mean smtp [domain]netsolmail dot net, or something like that? Or something else? Because I do not know the terminology I don’t know what to send you if I did, and I have asked them directly, and they have not answered basic questions so it is frustrating.

I have the numbers from DNS Watch that I got from just typing in my domain and using the toggles, but I gather you are saying that is not it??

But I appreciate your help and patience that is for sure. If you have a screenshot of something that looks like the info you are asking me for (just an example) I can send it to them and say: this. They want something that looks like this.

So thanks again, and if you can help me understand the format of what you are asking me for (what does the smtp server name look like, I think I know but I don’t want to assume) then I can ask you on Monday or something if I find out they can’t answer this simple, simple question.

Again, thanks for your help.

When you set up your email program, it uses an outgoing or SMTP server name. Or, even just who the provider is, that could be enough information to go on.