SOLVED

Can we have 2 simultaneous DKIM entries?

Go to solution
Grégoire_Miche2
Level 10

Can we have 2 simultaneous DKIM entries?

As we are transition from an old Marketing automation solution to Marketo, we would need to temporarily have 2 DKIM entries in our DNS. Does anyone know if this possible ? Anything to know about this ?

Thx in advance,

-Greg

1 ACCEPTED SOLUTION

Accepted Solutions
Roxann_McGlump1
Community Manager

Re: Can we have 2 simultaneous DKIM entries?

Hello Gregoire,

You should be able to have two DKIM keys as long as they are not on the same domain (m1._domainkey.olddomain.com vs. m1._domainkey.newdomain.com.) or on the same selector (m1._domainkey.yourdomain.com vs m2._domainkey.yourdomain.com.)

If the domainkey and selector are the same for both systems, you could contact Marketo support and request that the old domain key be copied to your Marketo instance, and essentially the one key would sign emails for both your old and new marketing automation systems.

View solution in original post

4 REPLIES 4
Roxann_McGlump1
Community Manager

Re: Can we have 2 simultaneous DKIM entries?

Hello Gregoire,

You should be able to have two DKIM keys as long as they are not on the same domain (m1._domainkey.olddomain.com vs. m1._domainkey.newdomain.com.) or on the same selector (m1._domainkey.yourdomain.com vs m2._domainkey.yourdomain.com.)

If the domainkey and selector are the same for both systems, you could contact Marketo support and request that the old domain key be copied to your Marketo instance, and essentially the one key would sign emails for both your old and new marketing automation systems.

SanfordWhiteman
Level 10 - Community Moderator

Re: Can we have 2 simultaneous DKIM entries?

Like Roxanne said, multiple DNS TXT DKIM keys with two different selectors are totally fine (in fact necessary), while multiple DNSTXT DKIM keys for the same selector are not allowed. 

What's interesting (in my opinion) is that the strict prohibition only applies to DNS-based public keys (keys stored in DNS).  Obviously this makes up 99.999% of the current landscape of DKIM.  But in the (currently) unlikely event that you are feeding keys into a DKIM validating-app without retrieving them from DNS (via any other protocol, presumably, and/or from a database), the validator is allowed to cycle through the keys, checking for a match, instead of erroring out.  Because of this disparity in the spec, relatively lax validators may cycle through your DNS-based keys instead of instantly returning an error. Anyway, don't have more than one key for the same selector.

Justin_Cooperm2
Level 10

Re: Can we have 2 simultaneous DKIM entries?

Yeah, just create an entry in Marketo with the same domain. We don't let you modify the selector at this point, and it will be m1. Your other DKIM key with your other platform probably uses a different selector so you should be good. It is totally valid to have different DKIM entries using different selectors.

Grégoire_Miche2
Level 10

Re: Can we have 2 simultaneous DKIM entries?

Thanks to each of you, that is very clear.

I also understand that it would be more complex to have a DKIM for a Marketo prod and a Marketo sandbox, as both will want to use the same selector, but for my migration purpose, it should be OK.

-Greg