Docebo uses DomainKeys Identified Mail (DKIM) as a method to validate the platform domain name identity associated with the email messages sent by platform via the Notification App, to reduce the possibility of ending up in a recipient’s junk email folder.
Only Superadmins can manage the DKIM email security app; Power Users will not see the DKIM section in the Admin Menu.
Generating DKIM Records for Your Domain
In order to generate the DKIM records for your domain, access the Admin Menu by scrolling your mouse over the gear icon and click on the Advanced Settings option in the Settings section. Move to the Email Preferences settings and click on the Manage DKIM Keys button. You will then be redirected main management page of the app, listing the domains already associated with DKIM records. Please note that the DKIM area is fully accessible in the Email Preferences area even when the White Label app is active, for all the domains in your Extended Enterprise.
Press the plus button in the top right corner to generate the DKIM records for your domain. Please note that DKIM records are unique for each domain and it is thus not possible to generate DKIM records for the same domain more than once. If you are using the Extended Enterprise App, you have to generate a DKIM record for every client you defined.
Type the domain name of the email sender and press Generate Keys. The platform will generate three keys:
- Public Key. DNS public key used by the recipient systems to verify the emails sent from your domain.
- Selector. The selector, together with the domain name, is used by recipient servers to verify the email sender.
- Configuration Text. For those using a Bind DNS server, this text field shows the configuration in Bind 9 format.
Copy and paste these keys into the corresponding fields of your DNS. Once DKIM records have been generated, your domain will be listed on the DKIM Activation page, together with the corresponding Public Key and the Selector value.
After copying and pasting the generated keys in your DNS, click the ellipsis icon at the end of the domain row and select Verify & Activate to complete the association between your domain and the DNS server. Remember that the DKIM email security will not be active if you do not execute this step.
Whenever you need to retrieve the generated keys, click on the ellipsis icon and select View Info. Always copy the values of the keys associated to your domain from this panel, do not use the values displayed in the DKIM Activation page, since they may not be fully displayed and you may thus copy an incomplete value.
When choosing your email sender address, remember not to reuse your custom or Extended Enterprise domains, as most DNS services do not allow for a CNAME and SPF record to coexist for the same domain. We suggest that you find a similar name. As an example, if you custom domain is learning.mydomain.com, you can configure a sender email address as firstname.lastname@example.org or even use a 4th level domain (e.g. if you custom domain is learning.mydomain.com, use email@example.com as sender email address).
Regenerating DKIM Keys for Your Domain
Whenever you need to regenerate the DKIM records associated with your domain, first delete the keys currently in use. To do so, click on the ellipsis icon at the end of the domain row, and select Delete. When DKIM records are deleted, their association with your domain is lost.
You are now ready to generate new DKIM records by following the procedure described in the previous section of this article.
Adding Docebo Email Servers in your Allow List
Refer to the following table to add the Docebo email servers to your allow list, picking the SMTP server depending on your platform type and on your region.
|Region / Scope||Platform Type||SMTP Host||SMTP Host (with DKIM/SPF/MX properly configured)|
|eu-west-1||SaaS||gw1.mail.docebosaas.com gw2.mail.docebosaas.com gw3.mail.docebosaas.com gw4.mail.docebosaas.com|