This topic describes how you configure DKIMDomainKeys Identified Mail to provide trust against spoof email from your organization's domains.
To configure DKIM signing for outbound messages, you need to:
Configure DKIM signing for each domain by providing public and private key pairs and DNS records from the Mail Domains and Routing page.
The |
If you want to configure public and private key pairs and DNS records, click Mail Domains and Routing.
The Mail Domains and Routing page is displayed.
From the System Center Home page, go to SMTP Settings and click Mail Domains and Routing.
The Mail Domains and Routing page is displayed.
In the Hosted Domains tab, select the domain(s) you want to configure for DKIM and click the Configure DKIM Signing option.
The Configure DKIM Signing dialog is displayed.
You can configure multiple domains at the same time by selecting all check boxes. |
To complete the Configure DKIM Signing dialog:
Enter a value for Selector. By default, the value for the selector is everyone.
Using a selector enables you to have multiple public keys per sending domain. For example, a selector enables you to have different public keys for subsets of an organization’s domain name such as department or mail server. |
The selector must contain a minimum of 1 and a maximum of 63 alphanumeric lower case characters, optionally followed by a dot and another 1-63 alphanumeric lower case characters. For example, department2.engineering1 |
Use the option buttons to select whether you want to sign messages using a new or an existing private key.
Although DKIM requires a private and public key pair, you only need to create a private key as the
Clearswift recommends creating RSA keys with a key length of at least 1024 bits. However, when importing keys of 2048 bits and above into a DNS server, Clearswift advises that you check the format of the key to ensure it complies with the requirements of the DNS server. |
The easiest way to create keys for DKIM purposes is to open Server Console and select Open Terminal Session. Log on using your cs-admin credentials and enter the following text which generates an RSA key of 1024 bits.:
openssl genrsa -out <private.key> 1024
where <private.key>
is the name of the key you want to create.
Enter and confirm the password for the new public/private key if required.
Use an alias to create a name that can be easily identified when you want to assign the same key pair to multiple domains. This alias has no impact on the DKIM signing or verification processes. |
Click Save.
Click Export DKIM DNS Record and save the file to an appropriate location.
The |
You must add the created records to your organization's DNS.
© 1995–2019 Clearswift Ltd.