How to enable DKIM signing and configure primary and additional domain records
DomainKeys Identified Mail (DKIM) is an open protocol for protecting email users against email address spoofing and tampering with message content. It does this by positively identifying the signer and attaching a cryptographically signed “hash” of the message content.
To configure and use DKIM: The system administrator creates a private/public key pair for the server and publishes the public key in the domain’s DNS. Using the private key, the sending server creates a signature for each outgoing message. The resulting signature data is stored in a “DKIM-Signature” header within the message. The receiving server obtains the signature from the “DKIM-Signature” header and uses DNS to look up the public key and policy.
- Select Security
- Select Security Settings
- Expand Sender Authentication
- Select DKIM Signing
- Check Sign eligible outbound messages using DKIM
- Check ...sign mailing list messages also (optional).
This signs every message sent to all mailing list users, so processing times are likely to increase for large lists.
- Either enter a new selector or use the default selector, MDaemon.
- Click Create new public and private keys.
- Select Yes to have MDaemon generate keys used to create your published DKIM record.
MDaemon creates the dns_readme.txt file in the \MDaemon\Pem\MDaemon\ directory and opens the file onscreen.
In the DNS server, create a TXT record called MDaemon._domainkey.domain.com
- Where MDaemon is the selector name and domain.com is your MDaemon domain name.
The highlighted public key should be entered inside the MDaemon._domainkey.domain.com TXT record.
- NOTE: Do not use this public key! Use the key generated in the dns_readme.txt file.
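Once the TXT record is published, it is worth confirming that the value DNS returns carries the same key that was generated. The following is an added example, not part of MDaemon or of the original article: the function names are hypothetical, the sample key is constructed, and it assumes you paste in the TXT value returned by a lookup of the record and the key text copied from dns_readme.txt.

```python
import base64
import binascii
import re

def dkim_record_name(selector, domain):
    """Name of the TXT record that holds the selector's public key."""
    return f"{selector}._domainkey.{domain}"

def join_txt_chunks(rdata):
    """A TXT string holds at most 255 bytes, so long keys are published as
    several quoted chunks; verifiers join them with nothing in between."""
    chunks = re.findall(r'"([^"]*)"', rdata)
    return "".join(chunks) if chunks else rdata.strip()

def parse_tags(value):
    """Split a 'tag=value; tag=value' list, dropping whitespace in values."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def check_published_key(rdata, expected_key):
    """Return a list of problems; an empty list means the record matches."""
    tags = parse_tags(join_txt_chunks(rdata))
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    p = tags.get("p")
    if p is None:
        problems.append("missing p= tag")
    elif p == "":
        problems.append("empty p= means the key is revoked")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
        if p != re.sub(r"\s+", "", expected_key):
            problems.append("p= differs from the generated key")
    return problems

# Constructed sample values, not a real key and not MDaemon output.
SAMPLE_KEY = base64.b64encode(b"constructed sample, not a real key. " * 8).decode()
SAMPLE_RDATA = '"v=DKIM1; k=rsa; p=%s" "%s"' % (SAMPLE_KEY[:200], SAMPLE_KEY[200:])

if __name__ == "__main__":
    print(dkim_record_name("MDaemon", "domain.com"))
    print(check_published_key(SAMPLE_RDATA, SAMPLE_KEY) or "record matches")
```

A "differs" result with otherwise valid base64 usually means the key was truncated or a chunk was dropped when the value was pasted into the DNS provider's interface.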
Repeat the above process for additional domains in MDaemon with the following considerations.