6.6 Enabling DKIM Signing

DKIM signing is a DNS function. For more information on DKIM please see OpenDKIM.org.

6.6.1 Prerequisites

DKIM signing needs to be configured under the domain in Secure Messaging Gateway.A public key needs to be created or configured in the domain. This key will needto be entered into your public DNS so that recipients may verify the signature.

For example:

6.6.2 Setting up DKIM Signing

  1. Create a new TXT record in your DNS that Secure Messaging Gateway will use to sign each message. The DNS TXT record is required to be of the form: <selector>._domainkey.<domain>.

    For example, the TXT record for the above screenshot would be: 20171003._domainkey.doc.mf.net.

  2. The content of the TXT record is the key within the parentheses "()".

    For example, using the example above, you would copy into the TXT record: "v=DKIM1; k=rsa; s=email; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBgKRxlt5FsetvBRRsHN9GUtyiibmbfNwh1wqrtAY/O3Nv8AlZE8FFqb9doztZ/ktU155ZGoRX/TpMrWInhD47qXVf7z6Wz8tZsIF5w0uvJcWXOMDJ+If7X7d7Vaf432E3ArejAQcTf4+FQ69G1op/HkeWyStjkk7nVHRXDprUY1/0XSuHFGTD1BK+Ci3yMN98qRcFzWS+kyWj""g44Gt79XZOh/qv1ESLo4SGdNQtb0VxwGFJ6kpOlLP2EJBqiBaWtYOAxrz9Kf2hvVCF6uhRV4iyzd5o9IrwedkIx7QyYdGu7cI+blh9bVd6VxuzX7gxxV722iYewA1h5iJBAAd7jwIDAQAB"

  3. Finally, you need to create a DKIM signing service in Secure Messaging Gateway, either in an existing policy or in its own policy. No other configuration is necessary. In this example all mail will have DKIM signatures added. More sophisticated filters can be created if only some emails should be signed.

  4. To verify that this worked send a message from the domain that is DKIM signing to an external domain. The DKIM signature should be added to the message.