The record cm._domainkey is a DKIM (DomainKeys Identified Mail) DNS TXT record. It is used to authenticate email messages sent on behalf of your domain and ensure they have not been tampered with during transit. The prefix cm is the DKIM selector, which identifies the specific key to use when validating the DKIM signature.

Key Components of cm._domainkey

  1. cm:
    • This is the selector part of the DKIM record.
    • The selector allows you to use multiple DKIM keys for different services or servers (e.g., one for Mailchimp, another for your own mail server).
  2. _domainkey:
    • A fixed subdomain used in the DNS structure to publish DKIM public keys.
  3. Complete DKIM Record:
    • The full DKIM DNS record would look something like this:
    cm._domainkey.example.com IN TXT "v=DKIM1; k=rsa; p=PUBLIC_KEY"
    • Here:
    • v=DKIM1: Specifies the DKIM version.
    • k=rsa: Indicates the key type (RSA in this case).
    • p=PUBLIC_KEY: Contains the public key used to verify the DKIM signature.

When You See cm._domainkey

The selector cm is commonly associated with email marketing platforms such as Campaign Monitor or similar services. These platforms use it as their default DKIM selector to authenticate emails sent on behalf of your domain.

How to Add or Verify the cm._domainkey Record

Locate Your DKIM Record

1

Log in to your domain registrar or DNS management console (e.g., GoDaddy, Cloudflare, Namecheap).

2

Search for DNS TXT records.

3

Look for a record named cm._domainkey.

Publish the Record

If the record does not exist, create one based on the instructions provided by the email service (e.g., Campaign Monitor).

Example DKIM record for cm._domainkey:

Name: cm._domainkey
Type: TXT
Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqh... (your public key here)

Test the DKIM Record

Once added, verify the record using:

Common Issues with cm._domainkey

Issue Solution
Record Not Found
  • Ensure the record has been added to the correct DNS zone.
  • Allow up to 24-48 hours for DNS propagation.
Invalid Public Key Ensure the p value (public key) is copied correctly without any formatting errors (e.g., missing characters, extra spaces).
Service-Specific Selector Some services may require a different selector or format. Refer to the documentation of the email service you are configuring.
DKIM Check Fails If emails fail DKIM checks, confirm:
  • The correct selector (cm) is being used in the DKIM-Signature header.
  • The DNS record matches the private key used to sign outgoing emails.

How cm._domainkey Works in Email Authentication

When you send an email:

  1. The mail server adds a DKIM-Signature header, specifying:
    • The selector (s=cm).
    • The domain (d=example.com).
  2. The recipient server:
    • Queries the DNS for cm._domainkey.example.com to retrieve the public key.
    • Uses the public key to validate the signature in the email header.
  3. If the signature matches:
    • The email passes DKIM verification.

Benefits of DKIM

Prevents Email Spoofing

Verifies that emails claiming to come from your domain are actually sent by you or an authorized service.

Improves Email Deliverability

Authenticated emails are less likely to be marked as spam.

Enhances Domain Reputation

Increases trust with email providers like Gmail, Outlook, and Yahoo.

The cm._domainkey is a DKIM record used for email authentication, typically associated with Campaign Monitor or similar services. By properly setting up and verifying this record, you ensure that your emails are authenticated and have a higher chance of reaching recipients inboxes.