DKIM Enablement for Sender Domains – ByD


Background

In SAP Business ByDesign you can use e-mail as communication channel in various scenarios communicating with your employees and business partners, and SAP ByDesign allows you to configure sender e-mail addresses.

These sender e-mail addresses are subject to authentication checks of modern e-mail infrastructures using security measures such as Domain Keys Identified Mail (DKIM).

As part of our ongoing efforts to incorporate e-mail security and to pre-empt any e-mail spoofing attempts as well as to ensure e-mail delivery in line with commonly used security standards, we are making it mandatory for you – our customers – to enable DKIM on your sender e-mail domains.

Pleas request to enable DKIM for your e-mail sender domains, please find below more information and procedure

How to request DKIM key for your e-Mail sender domain address?

Please create an incident to SAP Business ByDesign Support providing the below mentioned details

Subject: Request to enable DKIM for ByD Business E-Mails

Content of the Incident:

  • Sender Domain address details that is used from your tenant to relay Business Mails (Example: test.com, abc.uk for scenarios like Tickets, customer invoice, order confirmation, etc.)

NOTE 1 – In case if you have multiple domains, please provide the complete list (Including Sub-Domains if any)

NOTE 2 – A common DKIM key is generated if there are multiple domains

NOTE 3 – It is now Mandatory and best practice to not use the domains that are NOT signed with DKIM key for relaying mails from your ByD tenant, E-mails will be classified as SPAM if DKIM is not enabled (In other words, it is recommended to DKIM sign all sender domains used by a ByD tenant rather than part of the domains)

NOTE 4 – The DKIM key that will be generated and provided to you is meant for ALL your environments (Test + Production) (i.e.: the key is independent of your ByD tenant)

Overview of the Execution steps for enabling DKIM Key

 The Service Request takes approximately 2 weeks of time for enabling and implementing

  •  Once we get the domain details as mentioned in FAQ’s section point 1
  •  DKIM key will be generated from our side (with Key Size – 1024 Bit)
  •  Public Key and Selector details will be shared to customer
  •  Customer must create a DKIM TXT record in their DNS Servers
    NOTE: In case if you have multiple domains, please mention all the domains name, and only one key is provided by default for all the domains. Maintain the same DKIM key for all the domains.
  •  Check if the key is maintained correctly through external tools by providing the “Domain” and “Selector” details
    Example: https://dkimcore.org/tools/keycheck.html
  •  Once the key is correctly maintained, send the incident back to SAP for activating the key.
  •  SAP will activate the key for the mentioned domains and will close the incident.

Conclusion:

We hope that this article provides clarity on how to get your sender domains DKIM enabled, which is more reliable and secure.