SAP Knowledge Base Article - Public

3286675 - Differences between DKIM for Mass E-mails and Business Mails

Symptom

You need to send outbound e-mails from your tenant but you don't know which activation is needed or you have read that DKIM is needed but you are not sure what should be requested to SAP support.

Resolution

Definition:

  • DKIM stands for "Domain Keys Identified Mail" and is used to certify that an e-mail was authorized and sent from the owner of the Domain. This technique is used on Cloud for Customer and Business ByDesign to sign Mass E-mails and Business Mails. 

Usage:

  • Mass E-mails: This is the activation needed when you plan to use a subdomain for the functionalities on the "Sales Campaign" Work Center. 
  • Business E-mails: This is the activation needed for e-mails that are sent as notifications from your Tickets, Sales Quotes, Visits and any other functions which generate an e-mail within the system.

Mass E-mail Activation: 

Add the public DKIM key to your DNS (Domain Name System). Request your network administrator to perform this task. Follow below steps to complete this activity.

     a. Create an entry for your sub-domain of your DNS with the following structure:

               mailing._domainkey.[ subdomain ].[ domain ].[ tld ]

        So for the above example Sub-Domain, an entry will be created with the structure,

               mailing._domainkey.news.bankarc.com

     b. Insert the below Text record for your sub-domain into your DNS.

k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfvgMo245lekN+eHQipbDcEzEzAYtWg3/OAvp66FLqRnF29yG/rUddTjFhA+KgZ5F3kXqK/ksX3N+oVFh150zZRc9HNxbJNdTeb/m+EKMpwjiejL9mb8yuJo36QqEsgz5NohU8jBj10vNhkdnsjhLumO/VJQ/LiU78kOvJsT+EEwIDAQAB;

Note:

1. Make sure there are no line breaks while inserting the above DKIM key to your DNS. It is spread on two lines in this documentation.

2. Documentation on Help Center for “Activation of Mass E-Mail” contains the public DKIM key and the steps above to add it on your DNS.

3. To test whether the DKIM is added on your DNS, follow below steps:

     a. Go to http://dkimcore.org/tools/dkimrecordcheck.html on your browser.

     b. Enter the values in the form that opens up.

     Let’s consider the example we seen above. (mailing._domainkey.news.bankarc.com)

  • Enter ‘mailing’ as your Selector.
  • Enter your sub-domain where you have inserted your DKIM record. Here in our example ‘news.bankarc.com’
  • Click on button ‘Check’

                     Please refer the below screenshot.

DKIM.jpg

  • If the DKIM key is inserted correctly, we would get the below message.

DKIM2.jpg

4. Repeat the above steps for all sub-domains in case if there exists more than one sub-domain which are to be used for Mass E-mailing.

5. Open the E-mail and Fax Setting Fine Tune activity and maintain all the sub-domains in the list on the view Activation of Mass E-Mail.

 

6. Once these steps are completed, inform SAP to activate the Mass E-mailing for your tenant for your sub-domains. To do so raise an incident for every sub-domain with the below subject and text.

Subject: Activate mass e-mail

Text: Activate DKIM sending process for sub-domain <your sub-domain>

7. SAP will check to confirm whether you have inserted the DKIM record for the sub-domain. If the entry doesn’t seem correct, they will reply to accordingly.

8. SAP also asks some basic information on your Mass E-mailing to enable it for you. E.g.

    a. What is the mailing type? Alarm/ News/ Updates?

     b. Who are the recipients? Customers? Partners? Interested people?

     c. Estimated mail volume? i.e. estimated mails sent per month.

9. Once they confirm that you have performed all the pre-requisites to activate the Mass E-mailing, they initiate the Mass E-mail Activation for your sub-domain on your tenant.

10.  After the activation of mass e-mailing, test it by creating a test Marketing Campaign to the recipients where you can check the delivery of the e-mail.

     a. If the test e-mail was not delivered to the recipient’s mail box, re-open the incident.

     b. If the test e-mail was delivered successfully, the activation of mass e-mail is completed.

Business Mail Activation:

Step 1: Customer to open an incident with SAP C4C/ByD Support to request the DKIM key

Request DKIM Key Activation for sending the Business Emails:

Please create an incident to SAP Cloud Support team from your respective SAP Cloud for Customer or Business ByDesign(BYD) tenants providing the below-mentioned details.

  • Subject: Request to enable DKIM for Business Mails. 
  • Content: Sender Domain address details that are used from your tenant to relay Business Mails (Example: example.com for scenarios like Tickets, Visits, Sales Quote, etc.). 

NOTE 1 – Please provide the complete list of domains in case if you have multiple domains or subdomains used in your SAP Cloud for Customer/SAP Business ByDesign for relaying business mails.

NOTE 2 – A common key is generated if there are multiple domains.

NOTE 3 – It is recommended and best practice to not use the domains that are not signed with DKIM key for relaying mails from your ByD tenant, as there are possibilities they might be classified as SPAM by some recipient servers.

NOTE 4 – The key that will generated and provided to you is meant for your production and test environment as well(i.e.: the key is independent of the ByD tenant).

Step 2: SAP will provide DKIM Key and selector details to customer

Once the Incident is created with above details, SAP Support Team will validate this request and generate the DKIM Key(Text Record with Key Size – 2048 Bit).

After generating the DKIM Key, SAP Support Team will send the incident back to Customer with the below details:

    • DKIM Key(Text Record). 
    • Selector details 

Step 3: Customer maintains DKIM Key in customer DNS 

Once customer has the details of DKIM Key and Selector, they need to create DKIM TXT record(s) in their DNS servers using given selector name for their domains.

Step 4: Customer validates DNS entry by executing a check on a dedicated website

Once the DKIM record is created in the customer DNS Server, They need to validate the DKIM check from their end with the below steps

Step 5: If check returns “This is not a good DKIM key record. You should fix the errors shown in red.”, customer to correct configuration until check returns “This is a valid DKIM key record”

Step 6: Important!: Customer to return incident back to SAP for SAP to be able to activate the DKIM profile for customer

If it gives Green Check(as shown below)Please send the incident back to SAP Support team.

SAP will validate the DKIM Key Check and proceed with the activating the profile.

 

IMPORTANT NOTE:

  1. IF BUSINESS EMAILS ARE NOT RECEIVED TO YOUR INBOX POSSIBLE REASON COULD BE DKIM PROFILE ACTIVATION WAS NOT DONE FOR THOSE DOMAINS. 
  2. YOU NEED TO SEND INCIDENT BACK TO SAP SUPPORT FOR THE FINAL ACTIVATION OF DKIM PROFILE.
  3. ONLY THEN YOUR BUSINESS EMAILS CAN LEAVE YOUR COMPANY AND CAN BE RECEIVED BY THE INTENDED RECIPIENTS. 
Important Notes:
  • The Service Request takes approximately 2 weeks of time for enabling and implementing.
  • In case if you have multiple domains, please mention all the domains name, and only one key is provided by default for all the domains. Maintain the same DKIM key for all the domains.
  • When maintaining the record as TXT record in the DNS server, there should not be any space or it shouldn’t be maintained in paragraphs.
  • The record should be maintained as a single line.
  • Given selector should be used.
  • DKIM Activation for sending the Business Emails is activated based on the domains and customer not based on the tenants.
  • Only one DKIM Key and one Selector will be generated for a customer, it applies to all of your tenants.
  • If you fail to enable the DKIM Key for the sender domains used in SAP Business ByDesign system, Server will block the e-mails and emails will not be received in the recipient inbox.
  • If the DKIM activation is already done previously, and in near future if you come up with another set of domains which you want to enable with the DKIM Key, for this scenario, you need to maintain the previously provided DKIM key and create incident to SAP Support requesting us to add the new domains to previous list. NOTE: In order to activate DKIM validity check needs to be done.
Once your IT/DNS team updated the DKIM Key in the DNS Server, however upon validating the DKIM entry you see validity check failed. The reason would be your team didn’ maintained the DKIM Key correctly or maintained with wrong format. If you reach SAP Support team to seek help, It may not be helpful as we from SAP may not know how your DNS server is maintained and we may not be experts in the DNS side as it depends on DNS provider settings. So please Connect with your DNS experts to update the records correctly.


See Also

To check the two activations in detail, please refer to:

Keywords

Bulk Mail, Campaign E-mail, E-mail Blast , KBA , LOD-CRM-ADM , Administration UI , SRD-CC-CI-CCS , Service Control Center , How To

Product

SAP Business ByDesign all versions ; SAP Cloud for Customer add-ins all versions