DKIM keys

DomainKeys Identified Mail (DKIM) secures outgoing emails with an electronic signature. By evaluating this signature, the recipient can see whether the email was sent from the correct domain (ensuring authenticity) and whether it was modified during transport (ensuring integrity).

DKIM-signed emails can also be read by email recipients who cannot evaluate the DKIM signature. For these recipients, DKIM-signed emails look exactly the same as emails without a DKIM signature.

When you add a new DKIM key, the required asymmetric key pair is generated by NoSpamProxy for you. The secret private part of the asymmetrical key is stored securely in the NoSpamProxy settings and is therefore only known to you.

Adding DKIM keys

1. Go to Identities > Email authentication > DKIM keys.
2. Click Add.
   
3. Specify the domain where you want to publish the DKIM key.
4. Specify a selector.
   
5. Click Next.
6. Publish the two entries shown to the DNS zone of the respective domain.
   
7. Click Finish.

NOTE: To use the DKIM key, you must activate it under Corporate domains. Before doing so, make sure that the verification of the key is successful.

TIP: Alternatively, you can create your own RSA key with OpenSSL, for example, and import it using the corresponding button.

Enabling DKIM for corporate domains

You will need to activate the DKIM keys you create for your corporate domains. See Activating DKIM.

Importing DKIM keys

1. Go to Identities > DKIM keys > DKIM keys.
2. Click Import key.
3. Select the key on your hard disk and click Open.
4. On the following page, select the corporate domain where you want to publish the key.
5. Assign a name for the selector and click Next.
6. Follow the instructions on the next page.
7. Click Finish.

Exporting DKIM keys

TIP: We recommend that you export the DKIM key so that you can recover it in case of data loss. You can do this using the Export key button. The key is stored in PKCS#8 format.

See also

• How to use DKIM version 13 or higher