The short answer is the n= tag. This optional tag within a DKIM record is specifically designed to hold notes intended for human readers, typically system administrators.
DomainKeys Identified Mail (DKIM) is a critical email authentication method. It works by adding a digital signature to outgoing emails. As Email on Acid explains, this signature helps mailbox providers verify you as the sender and protects against email spoofing. This signature is created using a private key, and receiving servers use a corresponding public key, published in your domain's DNS, to verify it.
The DKIM record itself is a string of text containing various tags, each serving a specific purpose. While many tags are for machines, the n= tag is exclusively for us humans. It allows an administrator to leave a comment or note directly within the DNS record.
Practical uses of the notes tag
You might wonder why you'd need to leave a note in a DNS record. In a complex email infrastructure, it's incredibly useful. A common scenario is managing multiple DKIM keys for different email sending services. For example, you might use one service for transactional emails and another for marketing newsletters. Each service will require its own DKIM key.
By using the n= tag, you can label each DKIM record. For instance, you could add n=Notes for Marketing ESP to one record and n=Notes for Transactional Service to another. This prevents confusion down the line when you or another administrator needs to update or revoke a key. You can also add contact information, like an email address or team name, making it easier to identify who manages that specific key.
Other important DKIM tags
While the n= tag is useful for humans, several other tags are essential for the DKIM authentication process to work. According to Hostinger's guide on DKIM records, a DKIM record is comprised of several key elements. Here are the most critical ones:
- v=DKIM1: This specifies the DKIM version. It should always be "DKIM1".
- k=rsa: This defines the key type. 'rsa' (for the RSA encryption algorithm) is the most common value.
- p=: This tag contains the public key data, which is the long string of characters that receiving servers use for verification.
- s=: This is the DKIM selector. It's a specific name used to locate the public key in your DNS. You can have multiple selectors for different sending services.
- d=: This specifies the domain the DKIM signature is for.
An example DKIM record with a note might look something like this:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3...; n=Contact marketing-team@example.com;
In summary, while not technically required for DKIM to function, the n= tag is a valuable tool for domain administrators. It brings a human touch to a technical record, making DKIM management clearer and more organized, especially in environments with multiple sending platforms.
