Hi
I have an OVH email pro service. My domains are parked with OVH and domain setup is simple (automatic).
But this auto-configuration did not add the DKIM record for my domain. As a result, some mail servers mark my messages as SPAM.
How to add this DKIM record?
Hello, the dkim is now available.
An administrator has published the process to activate it from now on via the api (it will be necessary to wait a little more for it to be available directly from the manager)
^FabL
----------------------------
1) Retrieve the selectors related to the domain:
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim~GET
Results:
- ovhexXXXXXX-selector1"
- ovhexXXXXXX-selector2
2) Create the DNS fields for the selector of your choice:
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim~POST1
(don't forget to check the "configure DKIM" box if your domain is with OVH)
3) Check that the fields are modified:
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim/{selectorName}~GET2
If you see "status : waitingRecord while the DNS fields are present in the zone, it means that the robot has not yet passed to check the DNS fields: try again in 5 minutes.
If you see "Status : Ready" it's perfect, we can activate the DKIM !
4) Activate DKIM!
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim/{selectorName}/enable~POST1
The task will be in todo and will be finalised fairly quickly.
5) Check the DKIM status one last time:
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkimSelector~GET
It is normally in "InProduction" status!
Congratulations, you can now send an e-mail from the mail offer attached to your domain!
Hello there,<br />First post for me here, but... you saved me from nerves crisis, so... I owe you a beer :smiley: <br /> <br /><br />Really thanks for those informations, I ve just passed the DKIM-tester successfully with both a 1024 and a 2048 key.<br /><br />But personally, I really really am frustrated to see that the UI is totally bugged (DKIM field and manual editing clearly not working as intended), and don't allow us to do the operation without any headache...<br /><br />---> The DKIM field is totally bugged, and I don't understand you still let that active on the UI, it is ultra confusing and made me lose so much time.<br />----> Editing manually is also an option that is frequently discussed, but in my case it didn t work at all, and ended everytime with the same exact problem : The key is splitted in the end, and even if the NS record is created, the checker just returns a "bad key length" error, just examining the records is pretty obvious : There is some sort of formatter that has a problem when translating the "pseudo" text version, and that s the real second problem...<br />----> You can also try to edit manually and use the splitting method described here by Janus : <br />https://community.ovh.com/t/enregistrement-dkim/37779/4<br />Unfortunately, it won't work either, just because of the way your "manually edited zone" works : the key is splitted, and the record won't work, and return a key length problem. The splitting he describes in this post would work flawlessly if only there was no postprocessing done via the UI/robot... (there are mentions of this point also on the github part).<br /><br />I totally don't understand that this point is not documented at all : Don't rely on manual editing, or DKIM field, you HAVE to go through the API if you want to make DKIM work.<br /><br />Another thing I don't understand : the dkim-checker returns that everything is OK, but OVH's API stays on todo mode, even if the NS zone is refreshed, don't rely on the status, and at least go to the next step, for me it worked.<br /><br />The previous post from FabL is really good, and led me on the good way, but I would add just a little bit of information so you can save a little bit of time : <br /><br />1) FInd your OrganizationName : It should be the exchange service name, in my case : hosted-baXXX-2<br />2) TRY to create a selector, that will fail, and it s normal. OVH seems to have prepared the valid names, and I found no way to find them before attemting to create a new one. The good point of this fail is that the error message gives us the names of valid selectors.<br />3) Use one of the two selectors name you just found, and re-peat the creation, it will now work. Don t worry as FabL said to tick the box.<br />4) Create the NS TXT record with your domain, and as subdomain : selector._domainkey, and in the field TXT : <br />v=DKIM1; g=*; k=rsa; p=YOURSUPER2048KEY<br />No quotes, no backslash, nothing, plain text in one line and it should bo good.<br />5) Activate DKIM (see above in Fabl links)<br />6) Forget about FabL 's point number 5 : this call will only return the list of selectors, and nothing else.<br /><br />I personally refreshed the zone nearly at each step, I don t know if that's necessary, but it worked for me.<br /><br />Cheers :slight_smile:
Hello,
thanks for providing your advice, it is very helpful.
Unfortunately I followed the OP steps and ticked the "Configure DKIM" which I think results in a permanent "todo" state. I tried running an HTTP DELETE on both selectors but they cannot be modified until ready so I’m stuck here.
Forbidden (403)
{ "message": "Your dkim key need to be in state "ready" actual status : todo." }
Any advice to cancel the creation request and start over?
Thank you.
Hello, here is what I wrote for next needs and reuse 
## DKIM OVH hosted-exchange API steps
—
### Step 1 : Get selectors
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkimSelector~GET
> organizationName : hosted-baxxxxx
>
> exchangeService : hosted-baxxxxx
>
> domainName : xxxx.fr
Response :
[
"ovhexXXXX-selector1"
"ovhexXXXX-selector2"
]
—
### Step 2 : Ask for pub/priv key creation
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim~POST
If eveything is at OVH (ns etc…), tick the ConfigureDkim checkbox to ask OVH to gen those keys
> organizationName : hosted-baxxxxx
>
> selectorName : ovhexXXXX-selector1
>
> exchangeService : hosted-baxxxxx
>
> domainName : xxxx.fr
—
### Step 3 : Get the DKIM selector infos to be able to configure the ns record
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim/{selectorName}~GET
> organizationName : hosted-baxxxxx
>
> selectorName : ovhexXXXX-selector1
>
> exchangeService : hosted-baxxxxx
>
> domainName : xxxx.fr
Response :
{
selectorName: "ovhexXXXX-selector1",
taskPendingId: XXXXXXXX,
recordType: "CNAME",
status: "waitingRecord",
targetRecord: "1selector1._domainkey.XXX.aa.dkim.mail.ovh.netselector1._domainkey.XXX.aa.dkim.mail.ovh.net",
lastUpdate: "2022-10-13T12:50:39+02:00",
customerRecord: "1selector1._domainkey.xxxx.frselector1._domainkey.xxxx.fr",
header: "from;to;subject;date"
}
As you can see, it's waiting for the record (status : waitingRecord)
—
### Step 4 : Create the corresponding CNAME record
> Possible to do this via UI also
https://api.ovh.com/console/#/domain/zone/{zoneName}/record~POST
> zoneName : xxxx.fr
>
> fieldType : CNAME
>
> subDomain : ovhexXXXX-selector1._domainkey
>
> target : targetRecord obtained at previous step
### Then refresh the zone :
https://api.ovh.com/console/#/domain/zone/{zoneName}/refresh~POST
> EXAMPLE of a good formatted CNAME record:
>
> ovhexXXXX-selector1._domainkey 60 IN CNAME 1selector1._domainkey.XXX.aa.dkim.mail.ovh.netselector1._domainkey.XXX.aa.dkim.mail.ovh.net
—
### Step 5 : wait for the "InProduction" status of step 3
This step is just about waiting a few minutes, the robot checks every 5 minutes, and will switch the status from waitingRecord to Inproduction
—
### Step 6 : Activate DKIM
https://api.ovh.com/console/#/email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim/{selectorName}/enable~POST
> organizationName : hosted-baxxxxx
>
> selectorName : ovhexXXXX-selector1
>
> exchangeService : hosted-baxxxxx
>
> domainName : xxxx.fr
iirc, I was also in the todo state at first and thought it was ok, but it wasnt, resuming the steps I pasted just before made me pass 10/10 on mail-tester.com in a matter of minutes.<br /><br />Another thing I remember also, is that there was also a DNS refresh issue, and I opened a ticket about it : mail-tester.com saw my TXT fields, whereas querying the ns directly didn't return ant related TXT records with absolutely no logical explanation (we both tried me and the support guy to dig pointing directly at ns)<br /><br />Interestingly, after my ticket and phone call to support, few minutes after the MX were updated.<br /><br />Do NOT rely on the zone change via UI, make all operations including a force refresh via API, even on text edit mode, if you try to input a 2048 key, the robot will split it, and add a record, but with a blank space splitting your key in half.<br /><br />I had the same type of issue few days ago when trying to delete a mailbox : the UI just didn't do anything, and after digging a little bit, I did the exact same steps but via API, and the error return code showed me the real problem : aliases.<br />This is not directly related to DKIM, but basically don't rely on GUI, and try to do it manually.<br /><br />Keep me updated, if I can help, I ll reply as soon as I can.<br /><br />Also, another advice I d give you is to register to OVH exchange mailing list, there are a lot of people there that may have experienced your issues, and the replies are pretty fast.<br /><br />https://www.ovhcloud.com/fr/community/mailing-list/<br /><br />You'll make it :slight_smile:
Hi,
I'm getting:
> Not Found (404){ "message": "This service does not exist" }
when trying to get selectors. I guess I don't provide correct organizationName and exchangeService . Where excatly can I find them?
The API to get the selectors answer an HTTP Status 200
but result is empty => [ ]
Is there a problem with my account ?
Hi all, the original question was for Email Pro, but the end-point offered is Hosted Exchange.
Do you know how to setup DKIM for Email Pro?
Hello,
First, thanks for be available DKIM for exchange server emails… I have two domains names… I have create selector name, DNS records with target name and activate this selector name. DKIM works fine for one of own domains… Then, I have create other domain with selector name. After, I have request GET route for get properties of selector but selector it's in "todo" status permanent from three days ago… The status not change to "waitingRecord". I can't create the DNS record in second domain because the targetRecord it's : null. I can neither delete nor modify nor create another…
Thanks very much.
Kinds Regards!
Same here, I am unsure what to provide in input to the ovh API.
@AurelienB - thanks for sharing your experience above.
Any chanxe you could expand your guide for a more beginner audience?
Note: I am an Email Pro customer. Not Exchange.
I do not see DKIM under https://api.ovh.com/console/#/email/pro, so I am not sure what an Email Pro customer needs to do to activate DKIM.
Hello, my society are 2 domains, in one domain I have a successfully DKIM in production thanks to "DKIM OVH hosted-exchange API steps", then I have apply same steps in second domain but not work,
Step 1 :
GET /email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim
[
"ovhex1052663-selector1"
]
STEP 2
GET /email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim/{selectorName}
Response
{
lastUpdate: "1970-01-01T00:00:00+01:00"
selectorName: "ovhex1052663-selector1"
recordType: "CNAME"
taskPendingId: 103411674
status: "todo"
targetRecord: null
customerRecord: "ovhex1052663-selector1._domainkey.xxxxxxxx.pl"
header: "from;to;subject;date"
}
Status "todo" is permanent and not change…
- I try delete to create again but response :
DELETE /email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim/{selectorName}
Forbidden (403)
{ "message": "Your dkim key need to be in state "ready" actual status : todo." }
- I have try create a second selector :
POST /email/exchange/{organizationName}/service/{exchangeService}/domain/{domainName}/dkim
ovhex1052663-selector2
Response :
Internal Server Error (500)
{ "message": "Internal server error" }
Please I need a solution…
I know the steps and I have another domain that DKIM work fine with API OVH…
Why I can't delete first selector or create a second selector ? Why status "todo" not change ?? The problem is in OVH servers because
Thanks very much
Hi, I cannot retrieve my organization name. I've tried with hosted-ba + my domain name without .com but it doesn't work. The button "Execute" is not clickable. Any idea?
Hi ! I need help for configure my DKIM.
First when i try to get selector, the result field is empty. So i have create my own selector with a good name.
Next when I check the status, the targetRecord is empty
and the status is on todo.
lastUpdate: "1970-01-01T00:00:00+01:00"
header: "from;to;subject;date"
recordType: "CNAME"
targetRecord: null
taskPendingId: 107623411
customerRecord: "1selector2._domainkey.agencedohoa.comselector2._domainkey.agencedohoa.com"
cnameIsValid: false
selectorName: "ovhex1105364-selector2"
status: "todo"
But like i use OVH i have tick the box ConfigureDkim but the status of my records stay at todo !!!
If someone can help me ! Please I need help guys !!
For everyone with problmes to configure DKIM on email pro accounts
First:
follow the guideline, it's a bit complex but fine:
https://help.ovhcloud.com/csm/es-es-dns-zone-dkim?id=kb_article_view&sysparm_article=KB0058253#configurar-el-dkim-para-una-solucion-de-correo-exchange-o-email-pro-de-ovhcloud
(here in spanihs, but you can change language on the top right corner)
Second
If you get an empty selector ] is because you are not running the correct api call. Be sure to run
![image|690x211
As you can see on the screen capture it's not the first one…it's the last!!
Third
With the selectorName, you can go to step 2 and create your DKIM register in DNS. You only need to enter the selectorName on it's field. Remember to Check the two boxes if you have your domain registred on OVH and with their DNS.
Four
Be patient, it takes a while, if you get a "todo" result it's fine, wait for a while (in my case there were 30 min) and check it again..you will see "inProduction" status (if you have your domain registrered by ovh and with their DNS)
Five
Enjoy