PerfectMail™ Antispam/Antivirus is a simple, accurate, and easy to use solution! FOLLOW US :
Toll Free: +1 888-451-3131
+1 905-451-9488

DomainKeys Identified Mail (DKIM)

DKIM is a signing mechanism that allows a mail server to verify if the content was sent from one of your servers. While SPF focuses on e-mail delivery and the servers that actually delivery e-mail, DKIM focuses on the content of the message and where it says it originates from.

DKIM makes use of cryptographic mechanisms to create a signature that is added to the e-mail envelope headers that is very hard to fake, but easy to verify using a DKIM Key that you publish in your DNS Records. So a mail server can check to see if your servers actually sent the e-mail that has your domain name in the from address.

How to Create your DKIM Record

Unlike the other authentication mechanisms, your DKIM Record is implemented in both your DNS records and your mail server infrastructure. A Private Key is generated and placed on your PerfectMail Server for signing your outgoing e-mails. A Public Key is generated and you place it as a DNS Record for your domain.

You can generate the Private/Public Keypair on your PerfectMail Server or someplace else and update your server and DNS with the generated content.

PerfectMail has Two-Sets of DKIM Keys

PerfectMail has two ways to use DKIM!

  1. Domain-Based DKIM Configuration
  2. Optional: Server-Wide DKIM Configuration
    1. You should use Domain-Based DKIM to create key-pairs for each of your protected domains. However, We also have an optional Server-Wide option, to allow for a common signing mechanism across the entire server. This is not the preferred strategy for DKIM signing, but it may offer you a way of quickly signing all e-mail flowing through your server as you work through adding DKIM Signing to your protected e-mail domains.

      Domain-Based: Creating a Private/Public Key-Pair for your Domain

      1. Log in to your PerfectMail administrator interface.
      2. Navigate to: Domain Admin > Domains > {your-domain} > DKIM
      3. There are switches to enable DKIM for this domain and to use these DKIM settings for your domain. It is possible to use a server-wide settings (described below), where a DKIM key that can be maintained for the server itself; though this is not optimal for your domain.
      4. Next enter the DKIM Domain that will be used to sign your e-mail. This should be the same name used in your e-mail addresses (after the '@' sign.) Also set a DKIM Selector. The DKIM Selector is a simple string used to denote different DKIM keys, if you change them. You can use a short and simple string for this value. A common value is something like "s1", which would mean 'selector version 1'. The text does not matter and is only used in this context.
      5. At the bottom of the form click the button to Generate a new DKIM Key. This will fill the DKIM Private Key, Public Key and display the DKIM DNS String, above.
      6. Create a DNS TXT Record for your domain. The address for this record is shown just above the DKIM DNS String and will look something like s1._domainkey.yourdomain.com (if you used the suggested 's1' DKIM Selector, from above.) The content in the DKIM DNS String box is the value to be added to this DNS Record. (Some DNS interfaces need the DNS value to be quoted and escaped. There is an option just below the DKIM DNS String box, that allows you to Escape the DNS string for DNS.)
      7. Lastly, click the Update button at the bottom of this page, to save your changes.

      Optional: Server Wide DKIM Signing

      You can also sign your e-mail using server wide signing. With this strategy you can vouch for all e-mail originating from your mail server by using a common signing mechanism. This is not the preferred strategy for DKIM signing, but may offer you a way of quickly signing all e-mail flowing through your server as you work through adding DKIM Signing to your hosted e-mail domains.

      The domain name used for your DKIM public key and the From e-mail address are compared by mail filtering software. When these domain names match they are said to be aligned. Aligned domain names make authentication decisions much stronger. In a server-wide DKIM signing scenario, the domain names for the DKIM public record and the signing string are not in alignment. This mis-alignment was a part of the original DKIM/DomainKeys specification, but is now being frowned on, in favor of aligned domain names.

      1. Log in to your PerfectMail administrator interface.
      2. Navigate to: Server Admin > DKIM
      3. Enable Server-based DKIM Signing to make this DKIM key available for all domains hosted on your PerfectMail server.
      4. Next enter the DKIM Domain that will be used to sign your e-mail. This should be a domain name you have control over and can use to specify DKIM signatures for this server. We suggest using the fully qualified hostname for your PerfectMail server.
      5. Set a DKIM Selector. The DKIM Selector is a simple string used to denote different DKIM keys, if you change them. You can use a short and simple string for this value. A common value is something like "s1", which would mean 'selector version 1'. The text does not matter and is only used in this context.
      6. At the bottom of the form click the button to Generate a new DKIM Key. This will fill the DKIM Private Key, Public Key and display the DKIM DNS String, above.
      7. Create a DNS TXT Record for your server. The address for this record is shown just above the DKIM DNS String and will look something like s1._domainkey.yourserver.yourdomain.com (if you used the suggested 's1' DKIM Selector and use your PrefectMail server hostname, as suggested.) The content in the DKIM DNS String box is the value to be added to this DNS Record. (Some DNS interfaces need the DNS value to be quoted and escaped. There is an option just below the DKIM DNS String box, that allows you to Escape the DNS string for DNS.)
      8. Click the Update button at the bottom of this page, to save your changes.
      9. For each domain that will use a server-wide DKIM signature, do the following:
        1. Navigate to: Domain Admin > Domains > {your-domain} > DKIM
        2. Ensure the Enable DKIM Server Signing switch is set for this domain. (Don't forget to click the Update button after making changes.)
      NOTE: A DKIM record generator is coming to this space soon.

      See also..

      Comments

      No comments yet.




      (optional)

Last modified: 2024-07-19, 14:43

© 1999-2013 PerfectMail