Login
      Contents x
      Domain Management
        • Print
        • PDF
        Contents

        Domain Management

          • Print
          • PDF
          Article summary

          Available in Classic and VPC

          Cloud Outbound Mailer allows you to register, manage, and share domains with other users. By registering a domain and authenticating it with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), you can prove your sender credentials and prevent others from sending emails using your domain.

          Domain Management page

          To access the Domain Management menu, on NAVER Cloud Platform console, click Services > Application Services > Cloud Outbound Mailer > Domain Management in order.

          The Domain Management page is laid out as follows:

          cloudoutboundmailer-use-domain_screen_ko

          AreaDescription
          ① Menu nameName of the menu currently being viewed
          ② Basic featuresFeatures displayed when entering the Domain Management menu for the first time
          • [Register domain]: click to register a domain (see Register domain)
          • [Learn more about the product]: click to go to the Cloud Outbound Mailer introduction page
          • [Refresh]: click to update the domain list
          ③ Post-creation featuresFeatures displayed after a domain list is generated
          ④ List of domainsView the list of registered domains and their information

          View domains

          To view the details of a domain, follow these steps:

          1. On NAVER Cloud Platform console, click Services > Application Services > Cloud Outbound Mailer in order.
          2. Click the Domain Management menu.
          3. Click the desired domain in the domain list to view its details.
            cloudoutboundmailer-use-domain_list_ko
            • Domain authentication token
              • Authentication token: click the [View] button to view the value of the authentication token generated when the domain was registered
              • Authentication date: date the domain's DNS ownership was authenticated
                • If it is not authenticated, the [Authenticate] button is displayed. Click the [Authenticate] button after registering the authentication token value in the TXT record of the domain DNS
            • SPF/DKIM authentication
              • SPF record: check the signature value to use SPF authentication and enable or disable SPF authentication
                • [View]: view the SPF signature value
                • [Enable]/[Disable]: enable or disable SPF authentication
              • Authentication date: date the SPF signature value was authenticated
                • If it is not authenticated, the [Authenticate] button is displayed. Click the [Authenticate] button after entering the SPF signature value in the TXT record of the domain DNS
              • DKIM: check the signature value to use DKIM authentication and enable or disable DKIM authentication
                • [View]: view the DKIM signature value
                • [Enable]/[Disable]: enable or disable DKIM authentication
              • Authentication date: date the DKIM signature value was authenticated
                • If it is not authenticated, the [Authenticate] button is displayed. Click the [Authenticate] button after entering the DKIM signature value in the TXT record of the domain DNS
            • Share domain
              • Project key: list of account project keys entered as received from the domain sharing requester
                • Enter the project key value in the input box and click the [Add] button to share the domain
              • Registration date: date the project key value was registered

          Register a domain

          Domain registration includes the addition of a TXT record to the domain's DNS to authenticate ownership. To register a domain, follow these steps:

          1. On NAVER Cloud Platform console, click Services > Application Services > Cloud Outbound Mailer in order.
          2. Click the Domain Management menu.
          3. Click the [Register domain] button.
          4. When the domain registration popup window appears, enter the domain address in Enter domain and click the [Generate authentication token] button.
          5. When the token value appears in Authentication token, click the [Copy] button.
            • You can check the generated authentication token value again in the domain list.
            • Click the [Generate authentication token] button again to generate a new authentication token value.
          6. Click the [Register] button.
          7. Visit your domain provider's website and register the copied authentication token in the TXT record of your DNS.
          8. Return to the Domain Management menu on NAVER Cloud Platform console and click your domain in the domain list.
          9. Click the [Authenticate] button for Authentication date in Domain authentication token.
            • It may take some time for the DNS changes to be applied.
            • When authentication is successful, the authentication date is displayed.
            • If authentication fails, the DNS lookup and resolution failed, so check the TXT record of your DNS.
          Caution

          Domains such as naver.com, navercorp.com, and ncloud.com are not permitted and may result in message delivery being blocked.

          Domain security

          You can use authentication for the security of your registered domain. The types of authentication you can apply are as follows:

          • Sender Policy Framework (SPF) authentication: you can verify that mail sender information matches the mail server information registered in DNS to prevent spoofing.
          • DomainKeys Identified Mail (DKIM) authentication: you can add a digital signature to the mail header to verify that the mail has not been tampered with.
          • Domain-based Message Authentication, Reporting, and Conformance (DMARC) authentication: you can choose how to handle mail from domains that fail SPF and DKIM authentication. It works with SPF and DKIM to authenticate mail senders.
          Caution

          If the three authentication procedures, SPF, DKIM, and DMARC, are not completed for a specific domain among the recipient email addresses, sending emails to the domain may fail.

          SPF authentication

          Once the domain registration is successfully completed, you can add SPF authentication. To add SPF authentication, follow these steps:

          1. On NAVER Cloud Platform console, click Services > Application Services > Cloud Outbound Mailer in order.

          2. Click the Domain Management menu.

          3. From the domain list, select the domain for which you want to add SPF authentication.

          4. Under SPF/DKIM authentication, click the [View] button for SPF record and copy the SPF signature value.

          5. Visit your domain provider's website to register the SPF signature value in the TXT record of your DNS.

            Caution

            Cautions when registering SPF records are as follows:

            • Only one SPF record must exist.
            • If an existing SPF record is already registered, add include:email.ncloud.com to the existing record as in the following example.
            • Example: example.com txt = "v=spf1 ip4:192.168.0.1 include:spf.example.com include:email.ncloud.com ~all"

          6. Return to the Domain Management menu on NAVER Cloud Platform console and click your domain in the domain list.

          7. Under SPF/DKIM authentication, click the [Authenticate] button for SPF record.

            • When authentication is successful, the authentication date is displayed.
            • If authentication fails, the DNS lookup and resolution failed, so check the TXT record of your DNS.

          8. Click the [Enable] button for SPF record.

            • The SPF authentication changes to the Enabled status and the [Enable] button changes to [Disable].
            Caution

            If SPF authentication is enabled and you click the [Disable] button to change it to the Disabled status, it may affect the authentication of emails being sent.

          9. Test that it has been applied successfully by sending an email using the domain.

            • In the From: field, type the domain that will be used when you send an email.
            • After you send the email, open the email in your inbox to check the SPF authentication information.
              • NAVER Mail: click i_cloudoutboundmailer_navermail_option > Show original at the top of the email body and check the Authentication-Results header in the Show original popup window.
              • Gmail: click i_cloudoutboundmailer_gmail_option > Show original at the top of the email body screen and check the DKIM entry on the original email screen.
              • For other email services, contact your provider for instructions on how to check SPF.

          DKIM authentication

          Once the domain registration is successfully completed, you can add DKIM authentication. To add DKIM authentication, follow these steps:

          1. On NAVER Cloud Platform console, click Services > Application Services > Cloud Outbound Mailer in order.

          2. Click the Domain Management menu.

          3. From the domain list, select the domain for which you want to add DKIM authentication.

          4. Under SPF/DKIM authentication, click the [View] button for DKIM and copy the DKIM signature value.

          5. Visit your domain provider's website to register the DKIM signature value in the TXT record of your DNS.

            • Cloud Outbound Mailer provides selector values by environments and Regions. Check the selector indicated on the console.

              Note

              Selectors by environments and Regions are as follows: For domains registered before November 7, 2024, the selector is the mailer.

              • Private environments
                • Korea Region: ncpcompubkr
                • Japan Region: ncpcompubjpn
                • Singapore Region: ncpcompubsgn
              • Financial environment: ncpcomfin
              • Public environment: ncpcomgov

            • The DKIM signature value must be registered in the following format:

              <selector>._domainkey.<domain> IN TXT "<DKIM signature value>"

            • Registration examples by environments and Regions:

              Private environment - Korea Region: ncpcompubkr._domainkey.domain.com
Private environment - Japan Region: ncpcompubjpn._domainkey.domain.com
Private environment - Singapore Region: ncpcompubsgn._domainkey.domain.com
Financial environment: ncpcomfin._domainkey.domain.com
Public environment: ncpcomgov._domainkey.domain.com

            • When you register the DKIM signature value, make sure to check and set the following items.

              Caution

              Cautions regarding the length of TXT records are as follows:

              • Cloud Outbound Mailer supports only 2048 bit DKIM signatures to maintain a higher level of security.
              • Cloud Outbound Mailer's DKIM signature value (public key) has 392 characters, which exceeds the typical maximum input length of DNS TXT record (255 characters). Therefore, you need to separate the syntax with double quotation marks and enter it in multiple lines.
              • For Global DNS, the TXT record automatically wraps if it exceeds 255 characters. This allows the signature value to be registered as is. For more information, see Global DNS.
              • Contact your domain service provider for instructions on how to separate and register the TXT record that has more than 255 characters and whether they support it.

            • Refer to the following command examples and check if the DKIM signature value is properly registered and viewed:

              nslookup -q=txt ncpcompubkr._domainkey.domain.com

            • It should be viewed as in a multi-line form of 2 string blocks for normal authentication as follows:

              ncpcompubkr._domainkey.domain.com text =
"v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25Dh71cXQ243vpAdU86jFbn14U8+VlWz28m6C7XVs/XLu80mDBksJOYiIpqU+je5XjdPA0AwCHRg+gtiJhoAlVI4mgQQnL7oV7f3IFlFeraHKxukSeVo1q082AeMymv2LHqU967F+P3yggyOSv4T6n29BrG5ODB9V/lnu8Py6ONUaWLX8nLOqJ5EZ"
"9f5PPyFIa11u9KIG49+pM6Gp2Wd/F/EYsWGyaGtxZ4gg67D5CLzcqh63M0DwUNJX+qPVdojv33veexQcJw1N+vpa4gQ7U963Zf3kcEaMhcXb3KqXyYLh2CIT3D1c3PUbfWwMlPfL5ADhFLvD342r4skPTUmKQIDAQAB"

          6. Return to the Domain Management menu on NAVER Cloud Platform console and click your domain in the domain list.

          7. Under SPF/DKIM authentication, click the [Authenticate] button for DKIM.

            • When authentication is successful, the authentication date is displayed.
            • If authentication fails, the DNS lookup and resolution failed, so check the TXT record of your DNS.

          8. Click the [Enable] button for DKIM.

            • The DKIM authentication changes to the Enabled status and the [Enable] button changes to [Disable].
            Caution

            If DKIM authentication is enabled and you click the [Disable] button to change it to the Disabled status, it may affect the authentication of emails being sent.

          9. Test that it has been applied successfully by sending an email using the domain.

            • In the From: field, type the domain that will be used when you send an email.
            • After you send the email, open the email in your inbox to check the DKIM authentication information.
              • NAVER Mail: click i_cloudoutboundmailer_navermail_option > Show original at the top of the email body and check the Authentication-Results header in the Show original popup window.
              • Gmail: click i_cloudoutboundmailer_gmail_option > Show original at the top of the email body screen and check the DKIM entry on the original email screen.
              • For other email services, contact your provider for instructions on how to check DKIM.

          DMARC authentication

          Once the domain registration is successfully completed, you can add DMARC authentication. To add DMARC authentication, follow these steps:

          Note

          Because DMARC authentication works on top of SPF and DKIM authentication, it is recommended that you have SPF and DKIM authentication in place in addition to DMARC authentication.

          1. Visit your domain provider's website to register the DMARC signature value in the TXT record of your DNS.

            • For the DMARC record name, _dmarc must be entered before the domain.
              Example: _dmarc.domain.com
            • The DMARC record value is structured as follows:
              Example: v=DMARC1; p=none; aspf=r; adkim=r; rua=mailto:report@example.com

            Each item is organized as follows:

            ItemValue and descriptionRequired
            vVersion information
            DMARC1Enter as            		Required
            pPolicy for email that is not DMARC authenticated on the receiving server
            • none: receive email without action
            • quarantine: receive email in the spam folder
            • reject: block receipt and process bounces
            		Required
            spPolicy for email coming from subdomains
            • none: receive email without action
            • quarantine: receive email in the spam folder
            • reject: block receipt and process bounces
            		Not required
            aspfSpecify whether to match strings in email information and SPF signatures
            • s: full matches
            • r(Default): allow partial matches (allow subdomains)
            		Not required
            adkimSpecify whether to match strings in email information and DKIM signatures
            • s: full matches
            • r(Default): allow partial matches (allow subdomains)
            		Not required
            ruaEmail address to receive DMARC processing reports for this domain
            Enter mailto: before the email address
            Multiple email addresses can be specified by using commas (,)            		Not required
          Note

          For more information about DMARC records, see RFC 7489 document.

          1. On NAVER Cloud Platform console, click Services > Application Services > Cloud Outbound Mailer in order.
          2. Click the Domain Management menu.
          3. Select a domain to perform DMARC authentication from the domain list.
          4. Under DMARC authentication, click the [Authenticate] button for DMARC.
            • When authentication is successful, the authentication date is displayed.
            • If authentication fails, the DNS lookup and resolution failed, so check the TXT record of your DNS.
          5. Test that it has been applied successfully by sending an email using the domain.
            • In the From: field, type the domain that will be used when you send an email.
            • After you send the email, open the email in your inbox to check the DMARC authentication information.
              • NAVER Mail: click i_cloudoutboundmailer_navermail_option > Show original at the top of the email body and check the Authentication-Results header in the Show original popup window.
              • Gmail: click i_cloudoutboundmailer_gmail_option > Show original at the top of the email body screen and check the DMARC entry on the original email screen.
              • For other email services, contact your provider for instructions on how to check DMARC.

          Share domain

          You can share or unshare an authenticated domain to make it available or unavailable to other users. In domain sharing, a requester requests sharing, and the domain owner agrees to share.

          Request domain share (domain share requester)

          To request a domain share from a domain owner as a share requester, follow these steps:

          1. In the NAVER console, click Services > Application Services > Cloud Outbound Mailer in order.
          2. Click the Domain Management menu.
          3. Click the [View project key] button.
          4. When the View project key popup window appears, click the [Copy] button and forward the project key to the domain owner.
            • The domain owner must register the project key to complete domain sharing.
            • When domain sharing is completed, the shared domain is automatically added to the domain list.
          Note

          The user with whom the domain is shared does not have permission to set up and enable or disable SPF/DKIM authentication for the domain. When the domain owner stops using SPF/DKIM, the users with whom the domain is shared will also have their authentication use discontinued.

          Authorize domain sharing (domain owner)

          To authorize domain sharing as the domain owner, follow these steps:

          1. In the NAVER console, click Services > Application Services > Cloud Outbound Mailer in order.
          2. Click the Domain Management menu.
          3. In the domain list, click the domain you want to share.
          4. In the project key field in the Details section, enter the project key value you received from the domain sharing requester and click the [Add] button.
            • The project key is added to the list and the domain sharing is complete.
            • The domain is automatically added to the share requester's domain list.

          Unshare domains

          Only the domain owner can unshare a domain. To unshare a domain, follow these steps:

          1. In the NAVER console, click Services > Application Services > Cloud Outbound Mailer in order.
          2. Click the Domain Management menu.
          3. In the domain list, click the domain you want to unshare.
          4. In the Share domain list, locate the project key of the account you want to unshare and click the [Delete] button.
            • The account that uses the project key can no longer use the domain.

          Delete domains

          To delete a registered domain, follow these steps:

          Note
          • Deleting a domain may affect mail that is currently being sent.
          • If you re-register a domain after deleting it, you must go through the authentication and security procedures again because the authentication token and SPF/DKIM signature value change, even if the domain is the same.
          1. In the NAVER console, click Services > Application Services > Cloud Outbound Mailer in order.
          2. Click the Domain Management menu.
          3. Select the domain you want to delete from the domain list and click the [Delete] button.
          4. When the Delete domain popup window appears, click the [Delete] button.
          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout