SAP Knowledge Base Article - Public

3223594 - DKIM Enablement in S/4HANA and SMC Systems

Symptom

After the mail server migration, emails sent from custom sender domains are not received by the recipients.

Environment

S/4HANA Public Cloud and SAP Marketing Cloud

Cause

Overview of Mail server migration:

As part of SAP’s continued commitment to improving Services, Stability, Security, and Technology, we plan to migrate your S/4HANA Email services to a new solution, “Cronus”. The Cronus Email solution is built on the Amazon Web Services cloud platform. DKIM enablement for custom domains is a prerequisite for this migration.

Overview on DKIM:

DKIM is an email authentication technique that uses a digital signature to let the receiver check that an email was sent and authorized by the owner of the sending domain. The DKIM signature is a header that is added to the message and is cryptographically protected. With DKIM enabled, the receiving server can verify that a message was not altered in transit between the sending and receiving email servers. DKIM uses public-key cryptography: the sending email server signs each email with a private key as the email leaves the server.

Resolution

Custom domains that are used for internal purposes, such as workflow items, purchase order approval, PR approval, etc., should have DKIM enabled. This will ensure that emails sent through your SAP S/4HANA system are secure.

DKIM Process Flow:

Step 1:

  • The DKIM key is generated. Key generation takes approximately 3-4 hours.
  • Once the key is generated, Cloud Operations sends the key to the customer so that the customer can update their DNS.
  • To update the DNS, check with your local network/mail server team for assistance. DNS setups are unique and there are different DNS providers in the market, so SAP does not have control over them.
  • SAP Note 3231960 contains a few screenshots based on the DNS of one reference customer. They are for reference only; your DNS settings might differ from the ones shown.

Step 2:

  • Once the DNS is updated, the customer needs to reply to Cloud Operations through the case so that profile activation can be performed.
  • Cloud Operations validates the DNS to check whether the key and the DKIM TXT record were created properly. If the validation is successful, Cloud Operations proceeds with profile activation. If the validation returns an error, Cloud Operations informs the customer through the case, and the customer needs to correct the record.
  • After profile activation, the DKIM setup is complete.
  • Profile activation takes approximately 3-4 hours.
  • The customer can validate the DKIM signing in the “Header” of the mail.
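
The two checks named in Step 2, the DKIM TXT record and the DKIM signing in the mail header, can be reproduced locally with the following added example (not SAP code or an SAP tool). It assumes a standard RFC 6376 key record and header; the domain, selector, key and signature values are constructed, and it checks structure only, not the cryptographic signature.

```python
import base64
import email
import re

# Constructed sample data (not real keys or signatures).
SAMPLE_MAIL = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.example.com;\n"
    " s=sel1; h=from:to:subject; bh=Y29uc3RydWN0ZWQ=;\n"
    " b=Y29uc3RydWN0ZWQgc2lnbmF0dXJl\n"
    "From: workflow@mail.example.com\nSubject: PO approval\n\nbody\n"
)
SAMPLE_TXT = '"v=DKIM1; k=rsa; p=Y29uc3RydWN0" "ZWQga2V5"'  # split like a long TXT record

def parse_tags(value):
    """Parse an RFC 6376 tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def dkim_signatures(raw_message, expected_domain):
    """List each DKIM-Signature header: signing domain, selector, key DNS name, match."""
    found = []
    for header in email.message_from_string(raw_message).get_all("DKIM-Signature", []):
        t = parse_tags(header)
        d, s = t.get("d", "").lower(), t.get("s", "")
        found.append({"domain": d, "selector": s, "dns_name": f"{s}._domainkey.{d}",
                      "matches_custom_domain": d == expected_domain.lower()})
    return found

def check_key_record(txt):
    """Return problems found in a DKIM key TXT record (empty list: well formed)."""
    t = parse_tags(txt.replace('"', ""))  # join the quoted chunks of a split record
    problems = []
    if t.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if "p" not in t:
        problems.append("missing p= tag")
    elif t["p"] == "":
        problems.append("empty p= (key revoked)")
    else:
        try:
            base64.b64decode(t["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return problems
```

An empty result from `dkim_signatures` means the mail carries no DKIM-Signature header at all; a signature whose `d=` differs from the custom domain means the mail was signed, but not for that domain.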

For details on the DKIM process and on how to request DKIM enablement, refer to section 4.2.7 Secure Your Email Using DomainKeys Identified Mail (DKIM) of the document Setting Up Output Management (1LQ).

Keywords

S/4HANA Public Cloud, SAP Marketing Cloud, DKIM, DNS, Custom domain, Mail, mail server migration, no mail, KBA, XX-S4C-OPR-INC, S/4HANA Cloud Availability, Performance and Administration, CEC-MKT-BA-UM, User Management, CEC-MKT-BF, Basic Functions, CEC-MKT-ITC, Installation and technical configuration, How To

Product

SAP S/4HANA Cloud Public Edition all versions ; SAP S/4HANA Cloud all versions