Email domains can be shared between NetSuite production accounts. DKIM selectors can be configured and shared between NetSuite accounts.
If you are setting up DKIM for the first time, be aware that the number of DKIM selectors is limited
to one selector per email domain. Choose one selector for the shared email domain. Configure that same selector in each account that uses the same email domain.
When naming domain selectors, follow the specifications outlined in RFC 6376 Section 3.1 Selectors and RFC 1035 Section 2.3.1 Preferred name syntax. A few suggestions for naming domain selectors based on these RFCs:
-
The domain selector name (label) must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and a hyphen.
-
Attempting to name a selector beginning with a digit results in an error message that the DKIM selector name is invalid. The record cannot be saved.
-
Valid digits (numbers) are 0 through 9.
-
Both uppercase and lowercase letters are allowed, but no significance is attached to the case of the letter.
-
If using a hyphen as an interior character in the domain selector name, ensure that the character is a hyphen (Unicode U+2010) and not a different character that may look similar to a hyphen.
-
-
The domain selector name must be 63 characters or less.
A suggested best practice is to structure the domain selector name to include information such as the purpose, the owner, and the creation date.
For example, to meet the criteria specified in the RFCs, dec2020-netsuite is a name you could enter in the Domain Selector field in NetSuite.
When you set up your domain name with your domain provider, you would enter the same Domain Selector name along with the ._domainkey suffix as the DNS record.
For example, if you entered dec2020-netsuite in the Domain Selector field in NetSuite, at your domain provider, you would enter dec2020-netsuite._domainkey in the Name field of the DNS TXT record containing the correct DKIM value. When the DNS TXT record is saved, your domain name is automatically appended.
Note:
It has never been possible to use the outbound email domain of your production account for your sandbox account or your Release Preview account. The following procedure discusses shared domain keys between multiple production accounts.