I’d like to set up DKIM to help ensure that email notifications from my self-hosted Discourse instance actually get reliably delivered.
DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
You can ignore the ‘unsafe permissions’ warning as we know that it’s OK. opendkim-testkey complains if the file permissions are anything but 0600, but I see no reason to allow the opendkim user to modify the file.
Reload opendkim:
$ sudo service opendkim reload
Restarting OpenDKIM: opendkim.
Also just as a reminder, I strongly recommend anyone configuring email in Discourse to send a test email. You can do this from the admin panel, under Email logs, at the top where the button says “send test email”.
This email contains crucial, extremely important tips to get your Discourse forum email notifications working:
This is a test email sent from your Discourse forum at:
Email deliverability is complicated. Here are a few important things you should check first:
Know how to view the raw source of the email in your mail client, so you can examine the email headers for important clues. In Gmail, it is the “show original” option in the drop-down menu on each mail.
IMPORTANT: Does your ISP have a reverse DNS record entered to associate the domain names and IP addresses you send mail from? Test your Reverse PTR record here. If your ISP does not enter the proper reverse DNS pointer record, it’s very unlikely any of your email will be delivered.
Verify that your email server is definitely sending a fully-qualified hostname that resolves in DNS in its HELO message. If not, this will cause your email to be rejected by many mail services.
Configure DKIM email key signing in your email software, and place the public DKIM key in your DNS records. This is not required, but will significantly improve email deliverability.
We hope you received this email deliverability test OK!
In this, as with any other email deliverability stuff, remember to check the email headers to see if it is working. For Gmail that is the “Show Original” drop down menu option on the email.
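To make the header check above concrete, here is an added example (not part of the original post) that reads the raw source of a received test email and reports the DKIM verdict recorded by the receiving server, plus the DNS name where the matching public key must be published. The sample message, its domains, the selector "mail" and the signature data are constructed placeholders.

```python
import re
from email import message_from_string, policy

# Constructed sample of a received test message (hypothetical domains, dummy signature data).
SAMPLE_RAW = """\
Authentication-Results: mx.example.net;
 dkim=pass (constructed sample) header.i=@forum.example.com header.s=mail;
 spf=pass smtp.mailfrom=noreply@forum.example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=forum.example.com;
 s=mail; h=from:to:subject:date; bh=ZHVtbXk=; b=ZHVtbXk=
From: noreply@forum.example.com
To: admin@example.org
Subject: Email Deliverability Test

This is a test email sent from your Discourse forum.
"""

def parse_auth_results(value):
    """Return (authserv_id, {method: result}) from one Authentication-Results value."""
    value = re.sub(r"\([^()]*\)", " ", value)  # drop parenthesised comments
    parts = [" ".join(p.split()) for p in value.split(";")]
    results = {}
    for part in parts[1:]:
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
        if m:
            results.setdefault(m.group(1).lower(), m.group(2).lower())
    return parts[0], results

def parse_dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_report(raw):
    """Summarise the DKIM verdicts and the key's DNS name (<s>._domainkey.<d>)."""
    msg = message_from_string(raw, policy=policy.default)
    report = {"verdicts": [], "signatures": []}
    for hdr in msg.get_all("Authentication-Results", []):
        server, results = parse_auth_results(str(hdr))
        report["verdicts"].append((server, results.get("dkim", "not reported")))
    for hdr in msg.get_all("DKIM-Signature", []):
        tags = parse_dkim_tags(str(hdr))
        if "d" in tags and "s" in tags:
            report["signatures"].append(f"{tags['s']}._domainkey.{tags['d']}")
    return report
```

Only trust an Authentication-Results header added by your own receiving mail server, since the header is plain text that any earlier hop could have inserted. A message with a DKIM-Signature but no "dkim=pass" verdict usually means the TXT record at the reported DNS name is missing or does not match the signing key.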