Adding DKIM and Return-Path records to Gandi
To add TXT records for DKIM to your Gandi hosted domain, follow these steps.
Obtain the DKIM record from Postmark
Log into Postmark and navigate to the Sender Signatures section. Click Add a DKIM DNS Record or DNS Settings for the domain you are adding DKIM for.
You will then see entries for both DKIM and Return-Path:
These records will be used once you login to Gandi, so keep the DNS Settings window or tab open in your browser.
Adding the DKIM and Return-Path Records to Gandi
- Log in to Gandi and go to the domain’s management page.
- Click Edit the zone
- Gandi does not let you edit active zone configurations, so click Create a new version
- Click Add to add a new record. We will start with adding the CNAME record.
- For the Type, select CNAME from the drop-down. You can generally leave the TTL as it is.
- In the Name field, enter the Hostname value for the Return-Path record from the DNS Settings page in Postmark.
- In the Value field, enter pm.mtasv.net.
- When you're done, be sure to click Submit. You will see this message:
- Click Add again to add another record for DKIM. For the Type, select TXT from the drop-down.
- In the Name field, enter the Host value you see for DKIM in your domain’s DNS Settings page in Postmark. It will be in the format of timestamppm._domainkey
- In the Value field, enter the TXT value for the DKIM record from your DNS Settings page in Postmark.
- When you're done with adding the DKIM record, be sure to click Submit again.
- Once you are done adding both records, click Use this version to begin using the new zone file version:
- To finish verifying the CNAME and DKIM records, click on the Verify button in the Postmark DNS Settings page next to the DKIM and Return-Path records.
In normal mode your zone file will be shown with each resource record on its own line, like this:
You will be presented with a form like this:
You will be prompted to confirm:
And should then receive confirmation:
If everything is propagated (which can take up to 48 hours for new DNS records) and working, you will see a green checkmark in your Sender Signatures page showing that the domain has been verified. You can now also send from any email address on that domain.