DKIM signing on outbound messages

This topic describes how to configure DKIM (DomainKeys Identified Mail) signing to provide trust against spoofed email from your organization's domains.

To configure DKIM signing for outbound messages, you need to:

Step 1: Enable DKIM signing from the SpamLogic Settings page

Step 2: Configure DKIM signing for each domain by providing public/private key pairs and DNS records from the Mail Domains and Routing page

The Gateway signs all messages sent from within a single domain using the same key. However, configuring a parent domain does not automatically configure its subdomains. You must configure subdomains separately.

Step 3: Add DNS records to your organization's DNS

Enable DKIM signing

  1. Navigate to Policy > Manage Policy Definition > SpamLogic Settings. The SpamLogic Settings page is displayed.

  2. Select the Spam Policy tab.

  3. In the DKIM signing on outbound messages panel, select the Enable DKIM signing on outbound messages check box. If you want to apply DKIM signing to messages such as out-of-office replies, which have empty message sender fields, also enable the option "If the message sender is empty, sign using the key for the domain of the From address". Click Save.

  4. If you want to configure public/private key pairs and DNS records, click Mail Domains and Routing.

    The Mail Domains and Routing page is displayed.

Configure public/private key pairs and DNS records

  1. Navigate to System > SMTP Settings > Mail Domains and Routing. The Mail Domains and Routing page is displayed.

  2. Select the Hosted Domains tab.

  3. Select the domain(s) you want to configure for DKIM and click the Configure DKIM Signing option.

    The Configure DKIM Signing dialog is displayed.

    You can select and configure multiple domains at the same time.

  4. To complete the Configure DKIM Signing dialog:

    • Select the Enable DKIM Signing for the selected domain(s) check box.
    • Enter a value for Selector. By default, the value for the selector is "everyone".

      Using a selector enables you to have multiple public keys per sending domain. For example, a selector enables you to have different public keys for subsets of an organization's domain name, such as a department or mail server.

      The selector must contain a minimum of 1 and a maximum of 63 lowercase alphanumeric characters, optionally followed by a dot and another 1-63 lowercase alphanumeric characters. For example, department2.engineering1

    • Use the option buttons to select whether you want to sign messages using a new or an existing private key.

      You can add a new public/private key by either importing a file containing the key or by cutting and pasting the key value in the box.

      Enter and confirm the password for the new public/private key if required.

      Use an alias to create a name that can be easily identified when you want to assign the same key pair to multiple domains. This alias has no impact on the DKIM signing or verification processes.

    Click Save.

  5. Click Export DKIM DNS Record and save the file to an appropriate location.

    The Gateway uses the value in the Selector field to define the name of the DKIM DNS Record file. For example, everyone._domainkey.clearswift.com.

    You must add the created records to your organization's DNS.
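
One way to check Step 3 once the record has been added to DNS, as an added example that is not part of the product or its documentation: it applies the selector rule and the record name format described above, then compares the published TXT value with the exported one. It assumes the exported record is a standard RFC 6376 key record (v=, k=, p= tags); the function names and the sample key value are constructed for illustration.

```python
import re

# Selector rule as stated on this page: 1-63 lowercase alphanumerics,
# optionally followed by a dot and another 1-63 lowercase alphanumerics.
SELECTOR_RE = re.compile(r"[a-z0-9]{1,63}(\.[a-z0-9]{1,63})?")

# Constructed sample values (not a real key). PUBLISHED_SPLIT mimics a resolver
# answer in which a long TXT value is returned as several quoted chunks.
EXPORTED = "v=DKIM1; k=rsa; p=AAAAconstructedSAMPLEkeyBBBB"
PUBLISHED_SPLIT = '"v=DKIM1; k=rsa; p=AAAAconstructed" "SAMPLEkeyBBBB"'


def dkim_record_name(selector, domain):
    """Return the DNS name that holds the key: <selector>._domainkey.<domain>."""
    if not SELECTOR_RE.fullmatch(selector):
        raise ValueError(f"selector {selector!r} breaks the selector rule")
    return f"{selector}._domainkey.{domain.rstrip('.').lower()}"


def parse_dkim_txt(txt):
    """Parse an RFC 6376 tag=value list; quoted TXT chunks are joined first."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) if '"' in txt else txt
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Whitespace inside a value is folding and carries no meaning here.
            tags[name.strip()] = "".join(value.split())
    return tags


def check_published(exported_txt, published_txt):
    """List the problems found in the published record (empty list means OK)."""
    exp, pub = parse_dkim_txt(exported_txt), parse_dkim_txt(published_txt)
    problems = []
    if pub.get("v", "DKIM1") != "DKIM1":
        problems.append("unexpected v= tag")
    if not pub.get("p"):
        problems.append("p= is missing or empty (an empty p= revokes the key)")
    elif pub["p"] != exp.get("p"):
        problems.append("published p= differs from the exported key")
    return problems


if __name__ == "__main__":
    print(dkim_record_name("everyone", "clearswift.com"))
    print(check_published(EXPORTED, PUBLISHED_SPLIT) or "published record matches")
```

Run the check against the TXT value your resolver returns for the record name; a mismatch in p= means receivers will fail verification of every message signed with that selector.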
