Symptom
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
This KBA will give you guidance on how you as customer/partner can request for DKIM Key Activation for sending the Business Emails from your sender domains.
- SAP has changed the e-mail infrastructure used for business e-mails sent from SAP Business ByDesign (ByD).
- The new e-mail infrastructure supports Domain Keys Identified Mail (DKIM), which allows you to digitally sign your business e-mails.
- Business Mails are – e-mail messages sent through Ticket, Account, Appointment, Visits, Sales Quote, Workflow notification, etc. are all referred to business e-mail scenarios.
Environment
SAP Business ByDesign
Reproducing the Issue
Email domains that are not DKIM signed can no longer be delivered to e-mail recipients.
Note: It is now Mandatory to have DKIM enabled for your Domains
Resolution
Follow all of the following steps, one by one.
Step 1: Customer open an incident with SAP ByD Support to request the DKIM key
Request DKIM Key Activation for sending the Business Emails:
Please create an incident to SAP Cloud Support team from your respective SAP Business ByDesign(BYD) tenants providing the below-mentioned details.
Subject: Request to enable DKIM for Business Mails.
Content: Sender Domain address details that are used from your tenant to relay Business Mails (Example: example.com for scenarios like Tickets, Visits, Sales Quote, etc.).
NOTE 1 – Please provide the complete list of domains in case if you have multiple domains or subdomains used in your SAP Cloud for Customer/SAP Business ByDesign for relaying business mails.
NOTE 2 – A common key is generated if there are multiple domains.
NOTE 3 – It is recommended and best practice to not use the domains that are not signed with DKIM key for relaying mails from your ByD tenant, as there are possibilities they might be classified as SPAM by some recipient servers.
NOTE 4 – The key that will generated and provided to you is meant for your production and test environment as well(i.e.: the key is independent of the ByD tenant).
Step 2: SAP will provide DKIM Key and selector details to customer
Once the Incident is created with above details, SAP Support Team will validate this request and generate the DKIM Key(Text Record with Key Size – 2048 Bit).
After generating the DKIM Key, SAP Support Team will send the incident back to Customer with the below details:
- DKIM Key(Text Record).
- Selector details
Step 3: Customer maintains DKIM Key in customer DNS
Once customer has the details of DKIM Key and Selector, they need to create DKIM TXT record(s) in their DNS servers using given selector name for their domains.
Step 4: Customer validates DNS entry by executing a check on a dedicated website
Once the DKIM record is created in the customer DNS Server, they need to validate the DKIM check from their end with the below steps
- Go to DKIM Core
- Enter Selector
- Enter Domain
- Click check
Step 5: If check returns “This is not a good DKIM key record. You should fix the errors shown in red.”, customer to correct configuration until check returns “This is a valid DKIM key record”
Step 6: Important!: Customer to return incident back to SAP for SAP to be able to activate the DKIM profile for customer
If it gives Green Check(as shown below), please send the incident back to SAP Support team.
SAP will validate the DKIM Key Check and proceed with the activating the profile.
IMPORTANT NOTE:
- IF BUSINESS EMAILS ARE NOT RECEIVED TO YOUR INBOX POSSIBLE REASON COULD BE DKIM PROFILE ACTIVATION WAS NOT DONE FOR THOSE DOMAINS.
- YOU NEED TO SEND INCIDENT BACK TO SAP SUPPORT FOR THE FINAL ACTIVATION OF DKIM PROFILE.
- ONLY THEN YOUR BUSINESS EMAILS CAN LEAVE YOUR COMPANY AND CAN BE RECEIVED BY THE INTENDED RECIPIENTS.
Points to Note:
- The Service Request takes approximately 2 weeks of time for enabling and implementing.
- In case if you have multiple domains, please mention all the domains name, and only one key is provided by default for all the domains. Maintain the same DKIM key for all the domains.
- When maintaining the record as TXT record in the DNS server, there should not be any space or it shouldn’t be maintained in paragraphs.
- The record should be maintained as a single line.
- Given selector should be used.
- DKIM Activation for sending the Business Emails is activated based on the domains and customer not based on the tenants.
- Only one DKIM Key and one Selector will be generated for a customer, it applies to all of your tenants.
- If you fail to enable the DKIM Key for the sender domains used in SAP Business ByDesign system, Server will block the e-mails and emails will not be received in the recipient inbox.
- If the DKIM activation is already done previously, and in near future if you come up with another set of domains which you want to enable with the DKIM Key, for this scenario, you need to maintain the previously provided DKIM key and create incident to SAP Support requesting us to add the new domains to previous list. NOTE: In order to activate DKIM validity check needs to be done.
- Once your IT/DNS team updated the DKIM Key in the DNS Server, however upon validating the DKIM entry you see validity check failed. The reason would be your team did not maintain the DKIM Key correctly or maintained with the wrong format. If you reach SAP Support team to seek help, it may not be helpful as we from SAP may not know how your DNS server is maintained and we may not be experts in the DNS side as it depends on DNS provider settings. So please connect with your DNS experts to update the records correctly.
—————————-
Ex: Let’s say your domain is example.com and SAP generated the Selector:byd-busi-myxxxxxx DKIM Key:
v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB………..
Format to maintain the Host in your DNS is byd-busi-myxxxxxx._domainkey
If you have come up with new domain: example.org in the future. For the new domain you need to maintain the same selector and DKIM Key. Selector format will be byd-busi-myxxxxxx._domainkey
—————————-
See Also
Further you can also refer the below links:
Next-Generation Cloud Delivery transition – New Business ByDesign E-mail Infrastructure
DKIM Enablement for Sender Domains – ByD
DKIM Key Activation for Business Emails in SAP Business ByDesign(ByD)
Keywords
Business Email for ByD, DKIM for Business Emails, DKIM Activation, DNS. , KBA , dkim , dns , dkim activation , business email for byd , SRD-CC-CI-CCS , ByD Service Control Center , How To