2937666 - DKIM Key Activation for sending the Business Emails in SAP Business ByDesign (ByD)

Symptom

This KBA will give guidance on how the customer/partner can request for DKIM Key Activation for sending the Business Emails from the sender domains.

SAP has changed the e-mail infrastructure used for business e-mails sent from SAP Business ByDesign (ByD).
The new e-mail infrastructure supports Domain Keys Identified Mail (DKIM), which allows to digitally sign business e-mails.
Business Mails are – e-mail messages sent through Ticket, Account, Appointment, Visits, Sales Quote, Workflow notification, etc. are all referred to business e-mail scenarios.

Environment

SAP Business ByDesign

Reproducing the Issue

Email domains that are not DKIM signed can no longer be delivered to e-mail recipients.

Cause

It is now Mandatory to have DKIM enabled for the customer's Domains.

Resolution

Below are the steps.

Step 1: Open an Case with SAP ByD Support to request the DKIM activation.

Request DKIM Key Activation for sending the Business Emails:

Create an case to SAP Cloud Support team, from the respective SAP Business ByDesign(BYD) tenant, providing the below-mentioned details.

Subject: Request to enable DKIM for Business Mails.

Content: Sender Domain address details that are used from the tenant to relay Business Mails (Example: example.com for scenarios like Tickets, Visits, Sales Quote, etc.).

NOTE 1 – Provide the complete list of domains, in case of multiple domains or subdomains used in SAP Business ByDesign's tenant for relaying business mails.

NOTE 2 – A common key is generated if there are multiple domains.

NOTE 3 – It is recommended and best practice to not use the domains that are not signed with DKIM key for relaying mails from ByD's tenant, as there are possibilities they might be classified as SPAM by some recipient servers.

NOTE 4 – The key that will be generated and provided is meant for productive and test environments (i.e.: the key is independent of the ByD tenant).

NOTE 5 – DKIM can only be provisioned once per domain and cannot be configured across multiple tenants belonging to different customers for the same domain.

Step 2: SAP will provide DKIM Key and selector details.

Once the Case is created with above details, SAP Support Team will validate this request and generate the DKIM's records (Text Record with Key Size – 2048 Bit).

After generating the DKIM Key, SAP Support Team will send the case back to Customer with the below details:

- DKIM Key(Text Record).
- Selector details

Step 3: Customer maintains DKIM Key and selector in it's DNS.

Once customer has the details of the DKIM's Key and Selector, they need to create DKIM TXT record(s) in their DNS servers, using the given key and selector name for their domains.

Step 4: DNS entry check on a dedicated website.

Once the DKIM TXT is created in the DNS Server, a validation must be processed to check the it's maintained records, below are the steps:

1. Go to DKIM Core
2. Enter Selector.
3. Enter Domain.
4. Click on Check.

If the Check returns “This is not a good DKIM key record. You should fix the errors shown in red.”, the DKIM's records are not maintained correctly, therefore a new adjustment is required on the DKIM TXT record(s) in the DNS servers.

If the Check returns “This is a valid DKIM key record”, the DKIM's records are maintained correctly, and it's activation can be processed.

Step 5: Important!: The Case must be sent back to SAP, to proceed with the DKIM's activation.

If a green check is returned, (“This is a valid DKIM key record”), the case must be sent back to SAP's Support Team.

SAP will validate the DKIM Key Check and proceed with the activating the profile.

IMPORTANT NOTE:

IF BUSINESS EMAILS ARE NOT RECEIVED TO THE DESIRED INBOX, A POSSIBLE REASON COULD BE THAT THE DKIM PROFILE ACTIVATION WAS NOT COMPLETED FOR THOSE DOMAINS.
IT IS REQUIRED TO SEND THE CASE BACK TO SAP'S SUPPORT TEAM FOR THE FINAL ACTIVATION OF DKIM PROFILE.
ONLY THEN THE BUSINESS EMAILS CAN BE SENT FROM THE TENANT AND RECEIVED BY THE INTENDED RECIPIENTS.

Points to Note:

The Service Request takes approximately 2 weeks of time for enabling and implementing.
In case multiple domains are required to be activated, mention all the domain's names. Only one key will be provided by default for all the domains. Maintain the same DKIM key for all the domains.
When maintaining the record as TXT record in the DNS server, there must not be any space or paragraphs.
The record should be maintained as a single line.
The Given selector must be used.
DKIM Activation for sending the Business Emails is activated based on the domains and customer not based on the tenants.
DKIM can only be provisioned once per domain and cannot be configured across multiple tenants belonging to different customers for the same domain.
Only one DKIM Key and one Selector will be generated for a customer, it applies to all of the customer's tenants.
If the provided DKIM's Key and selector are not maintained correctly for the sender domains, used in SAP Business ByDesign system, the server will block the mails, therefore not being sent.
If the DKM's activation was already performed previously, and a new domain is needed, on this scenario, the previously provided DKIM key and selector needs to be maintained on the DNS. After the DKIM's validity check is performed, create case to SAP Support requesting to activate the new domains.

—————————-

Ex: Let’s say your domain is example.com and SAP generated the Selector:byd-busi-myxxxxxx DKIM Key:

v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB………..

Format to maintain the Host in your DNS is byd-busi-myxxxxxx._domainkey

If you have come up with new domain: example.org in the future. For the new domain you need to maintain the same selector and DKIM Key. Selector format will be byd-busi-myxxxxxx._domainkey

—————————-

Keywords

Business, e-mail, email, DKIM, BYD, activation, domain, dns, sender, key, selector, dkim core , KBA , SRD-CC-CI-CCS , ByD Service Control Center , How To

Product

SAP Business ByDesign all versions