DKIM on inbound messages

By default, the DKIM-Signature (DomainKeys Identified Mail) header is removed from all inbound email traffic so that Secure Email Gateway can fully analyze and modify the message, according to your content security policy.

The Gateway can be configured to preserve (more accurately, to re-add) the original DKIM-Signature header on inbound messages on a per-hosted domain basis. This is to allow users with hosted domains on Microsoft 365 to enable onward transport of the original DKIM-Signature, so M365 can form its proprietary “compauth” value more accurately.

Preserve original DKIM signature on inbound messages

  1. Navigate to System > SMTP Settings > Mail Domains and Routing. The Mail Domains and Routing page is displayed.

  2. Select the Hosted Domains tab.

  3. Select the domain(s) you want to configure for DKIM and click Edit. The Edit Hosted Domain dialog is displayed.

     

    You can select and configure multiple domains at the same time.

  4. Select the Inbound DKIM tab.

    Select or clear the Preserve Original DKIM Signature check box as required.

  5. Click OK.

  6. Apply the configuration.

 

If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information.

If you use Peer Gateways (i.e. when multiple Gateways are peered), any configuration changes from a local Gateway can then be applied to all the peers at the same time. See Configure Peer Gateways for more information.
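To confirm the setting took effect, inspect the headers of a test message delivered to a Microsoft 365 mailbox on the hosted domain. The following is an added example, not part of the product or its documentation: it reports whether a DKIM-Signature header survived and what Microsoft 365 recorded for dkim and compauth in Authentication-Results. The sample message, its domain names and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: headers as they might look on a message delivered to a
# Microsoft 365 mailbox after passing through the Gateway (all values made up).
SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 192.0.2.10)
 smtp.mailfrom=example.org; dkim=pass (signature was verified)
 header.d=example.org; dmarc=pass action=none header.from=example.org;
 compauth=pass reason=100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
 s=sel1; h=from:to:subject:date; bh=Zm9v; b=YmFy
From: Alice <alice@example.org>
To: bob@hosted.example
Subject: test

body
"""

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def inbound_dkim_report(raw):
    """Summarise DKIM preservation and the downstream verdicts for one message."""
    msg = message_from_string(raw)
    sigs = [dkim_tags(str(v)) for v in msg.get_all("DKIM-Signature", [])]
    report = {"signature_present": bool(sigs),
              "signing_domains": [s.get("d") for s in sigs],
              "dkim": None, "compauth": None, "reason": None}
    for ar in msg.get_all("Authentication-Results", []):
        text = " ".join(str(ar).split())  # unfold the header
        for key, pattern in (("dkim", r"\bdkim=(\w+)"),
                             ("compauth", r"\bcompauth=(\w+)"),
                             ("reason", r"\breason=(\d+)")):
            match = re.search(pattern, text)
            if match and report[key] is None:  # keep the first verdict seen
                report[key] = match.group(1)
    return report

if __name__ == "__main__":
    print(inbound_dkim_report(SAMPLE))
```

A preserved signature that shows dkim=fail usually means the Gateway's policy changed the body or a signed header, since DKIM verification only succeeds on unmodified signed content.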