DKIM Signing
DomainKeys Identified Mail (DKIM) signing is a method to secure outbound email messages and make verification easier. This method gives receiving mail servers an accurate way to distinguish genuine messages from spam.
DKIM authentication works the following way:
•Outbound email message headers are signed with DKIM private key.
•Receiving mail server checks the DNS DKIM record that contains a public key.
•If the signature with the private key in message headers match the DNS DKIM record public key, the email is considered genuine and is delivered to the recipient(s).
•Suppose the signature and public key do not match. In that case, the action taken with the email message depends on the configuration of receiving mail server (may have specific rules in place, for example, ESET Mail Security uses DKIM result rule condition for this purpose).
To use the ESET Mail Security DKIM Signing feature, ensure you have the DNS DKIM record configured for your domain. For details on creating a DKIM record, see the What is DKIM record and how to create it? article. The article also include an example of a DKIM record. Also, you can try using an online DKIM Generator to generate DKIM private and public keys.
When done, we suggest you use the DKIM Record Checker or MXToolBox to verify the public DKIM key is present and that you have the syntax correctly implemented.
Configure the DKIM Signing in ESET Mail Security by specifying DKIM domains and a list of email headers to be signed. DKIM signature is added to selected message headers. Each DKIM signature contains information that mail servers can use to verify the authenticity of the email message as they pass it along the way toward the final destination. If you are using multiple domains for outbound messages, you can configure DKIM signing for each domain separately.
|
Enable DKIM signing under Server > Integration in the Advanced setup. For Agent priority setup, we recommend you keep the ESET DKIM Agent priority in the last place, at the bottom, to ensure the headers are signed last after any modifications to headers done by previous agents. |
DKIM domains
Define settings for each domain for DKIM signing. Click Edit to open the DKIM domains window. Click Add to create New DKIM settings or Edit to modify existing ones.
•Domain—Type in the domain (e.g. domainname.local).
•Selector—A selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field.
•Client certificate—Click Select and choose the client certificate used for DKIM signing.
List of email headers to be signed
Click Edit to open the List of email headers to be signed window, click Add to add new headers or Edit to modify existing headers in the list.
