Sending domains are the domains that appear in message headers as the domains the email is sent from. Once you add a sending domain, Cherub generates DNS keys to authenticate the domain.
Menu Navigation: Setup – Sending Domains
List Sending Domains
On this page, you can see all of the sending domains that you have added so far along with table options.
Table Fields
Field | Description
---|---
Sending Domain | The domain name to send from
Tracking Prefix | The subdomain that will appear behind all hyperlinks and images for tracking purpose
Redirection Type | Displays the redirection type you have selected while adding the sending domain
DKIM | Success: Displays a green tick if the public domain key was resolved; Failed: Displays a red cross if the public domain key wasn’t resolved
Redirection | Success: Displays a green tick if the redirection is working fine; Failed: Displays a red cross if the redirection isn’t working fine
Added on | Date when this sending domain was added
Actions | Set Ownership as Verified: Set domain’s ownership as verified forcibly; Verify Public Domain Key: Recheck public domain key; Verify Redirection: Recheck tracking domain redirection; Download Domain Key Pair: Download domain key pair for DKIM; Delete: Delete the sending domain
Add a Sending Domain
Click on the [+ Add New] button to add a sending domain.
- Sending Domain: Insert the Sending Domain that you want to add
- User Secure URL: If enabled, then Cherub will use the HTTPS protocol for the tracking domain
Once you click the [Add] button, you’ll be directed to the domain details page to authenticate it.
DKIM Authentication
DKIM (DomainKeys Identified Mail) associates a digital signature of the domain name with the email headers and vouches that the message is authorized by that domain. The sending mail transfer agent (MTA) generates the signature by applying an algorithm to the content of the signed fields. This algorithm produces a unique string of characters, or “hash value”.
Generate Public and Private Domain Keys
Turn the switch on to generate the public and private domain key pair. When you enable it, a popup asks for confirmation, and upon approval Cherub generates a key pair for the associated sending domain.
Download Key Pair
Click on the download icon to download the domain key pair. The downloaded zip file contains separate public and private key files.
Public Domain Key
The DNS name under which the public domain key is published consists of three parts.
- Selector
- Domain Key Universal Identifier i.e. _domainkey
- Domain Name
So the fully qualified domain name that stores the public domain key becomes “selector._domainkey.yourdomain.com”.
Selector:
By default, Cherub shows “key” for the selector value that can be edited as well. You can also edit this default value in Application Settings under the “Sending Domains” tab.
When an email is received, the destination mail agent reads the domain key signature in the message headers and takes the signatory domain name and selector from it to fetch the public DNS record. If the signature made with the private domain key verifies against the public domain key, the mail is identified as sent from the legitimate domain.
Where to Add Public Domain Key?
You’ll need to find out where the DNS zone of your domain name is hosted. It can be within a hosted control panel on your server or your domain registrar or a third-party e.g. Cloudflare, DNSmadeeasy, ClouDNS, etc. Moreover, you can also find the nameservers of your domain name to identify where the DNS is hosted.
Go to the domain’s DNS and find the place where you can add records. The record under the HOST column that you see in Cherub as shown in the picture above has to be inserted as a subdomain/host in the domain’s DNS and the content you see under the VALUE column has to be inserted/pasted into the content field of the DNS as a TXT record type.
In the above snapshot, I am adding the public domain key that Cherub has generated for the domain thenewyorkgyro.com.
Regenerate Keys
Although you will rarely need to regenerate the domain keys, you still have the option to regenerate the domain key pair.
Private Domain Key
The private domain key can be used in two ways:
- Cherub signs outgoing messages
- Your MTA signs outgoing messages
1. Cherub Signs Outgoing Messages
As appears in the snapshot above, if you turn the switch on to make Cherub sign your outgoing messages then Cherub will embed the digital signature for all outgoing messages.
ESP Cases:
If you are using an Email Service Provider (ESP), then almost all ESPs sign outgoing messages themselves and provide their own public key for your domain. In such cases, you don’t have to generate Domain Keys in Cherub. If you have already generated the domain keys in Cherub, make sure that the “Sign Outgoing Emails” switch is disabled; otherwise there will be a conflict and both signatures will be stamped, which may result in DKIM failure.
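An added example (not Cherub's code): it reads the DKIM-Signature headers of a message the way a receiving mail agent does, derives the selector._domainkey.domain name each signature points to, and reports when a message carries more than one signature, as in the ESP case above. The message, example.com, esp.example.net and the selector s1 are constructed for illustration.

```python
import email

# Constructed sample: one message signed twice, once with the default selector
# "key" and once by a hypothetical ESP (esp.example.net, selector "s1").
RAW = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    "\ts=key; h=from:to:subject; bh=AAAA; b=BBBB\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=esp.example.net; s=s1;\r\n"
    "\th=from:to:subject; bh=CCCC; b=DDDD\r\n"
    "From: News <news@example.com>\r\n"
    "To: user@example.org\r\n"
    "Subject: hello\r\n"
    "\r\n"
    "body\r\n"
)

def parse_tags(value):
    """Split a DKIM tag=value list; whitespace from header folding is dropped."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_lookups(raw_message):
    """Return one (signing domain, selector, DNS name) tuple per signature."""
    msg = email.message_from_string(raw_message)
    found = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(header)
        if "d" not in tags or "s" not in tags:
            continue  # without d= and s= a verifier cannot locate the key
        found.append((tags["d"], tags["s"], f'{tags["s"]}._domainkey.{tags["d"]}'))
    return found

def signers_report(raw_message):
    """List every key lookup and flag messages that were signed more than once."""
    lookups = dkim_lookups(raw_message)
    return {"lookups": lookups, "multiple_signatures": len(lookups) > 1}
```

Run it against a raw test message sent through your own setup to see whether both Cherub and the ESP stamped a signature.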
2. Your MTA Signs Outgoing Messages
This case is mostly for people who use an SMTP service or their own SMTP solution. You’ll need to find out how your MTA software embeds the private domain key for outgoing messages, store the private domain key file on your MTA server, and define its physical path in the MTA’s configuration format.
Below you’ll find an example of adding a private domain key in PowerMTA. Edit the PowerMTA config file and insert the following line:
domain-key key,thenewyorkgyro.com,/etc/pmta/dkim/thenewyorkgyro.com.pem
So PowerMTA will take the responsibility of signing all outgoing messages.
Key Size
The default domain key size that Cherub generates is 1024 bits. You can change the key size in Application Settings under the Sending Domains tab as appears in the snapshot below.
Tracking Domain
The tracking domain is a subdomain of your main sending domain that is used for tracking purposes and appears behind all hyperlinks and images instead of Cherub’s main domain. It also white labels your email content with the associated domain. By default, Cherub uses “click” as the tracking domain prefix that can be edited according to your choice.
Prefix:
If you want to change the default prefix, you can do that in Application Settings under “Sending Domains”.
Redirection Methods
Two types of redirect methods are mentioned in Cherub. However, there could be custom solutions as well.
- CNAME
- htaccess
1. CNAME
CNAME is a domain-based redirection that maps the source domain to the destination domain and displays its content. To make it work, you need to take care of the following two things:
- Add a CNAME record in your domain’s DNS
- Add an entry of tracking domain in your web server
To add a CNAME Record, login to your domain’s DNS zone and add a CNAME record as it appears in Cherub.
The snapshot above shows the CNAME record is added for the domain thenewyorkgyro.com.
Once the CNAME record is added, the sourcing domain starts pointing to the destination domain’s server. But in most cases the destination server doesn’t recognize the sourcing domain and redirects it to the webserver’s default page instead of navigating to the correct path of the Cherub installation. In such cases, you need to go a step further: add the sourcing domain to your web server as well and map it to the correct physical location where Cherub is hosted. Once Cherub sees a handshake from both sides, it will verify the redirection.
2. htaccess
It’s a simple redirection method where you host the tracking domain on your server and upload the htaccess file content that Cherub gives you.
- Click to download the .htaccess file
- Extract the zip file
- Upload the .htaccess to the tracking domain’s root folder
Tracking Domain: You can still host website content on your tracking domain as your .htaccess rules are just applied to certain matching URLs.
Confirming DNS Records
Once you are done with adding the DNS records, click on the green “Confirm” button to validate DNS propagation.
- Success: If Cherub is successful in validating the DNS records then you’ll see a green tick here
- Failed: If Cherub fails to validate the DNS records then you’ll see a red cross here
Recheck
There is a blue [Recheck] button that makes Cherub retrieve the DNS records again and revalidate them.