How To Setup DKIM For Your Domain
Posted by , Last modified by on 01 August 2012 02:13 PM

Introduction

DKIMstands for DomainKeys Identified Mail. DKIM creates a domain-level authentication framework for email by using private-key technology and DNS record to prove the source and content of a message.

You can find general information about DKIM at http://dkim.org and the DKIM FAQs at http://dkim.org/info/dkim-faq.html.


 

Deployment instructions

  1. You need to allow the DKIM signing using the Icewarp Administration console/Global Settings/Domains/Enable DKIM option.

  2. First you should specify the selector in the Icewarp Administration console/<domain>/DKIM/Selector field. It could be any string you want.

  3. Use DKIM/Generate Private Key button to create private key. It will use the default certificate to generate it. The length 512 b is sufficient. It's needed to sign the messages.

  4. Use DKIM/Retrieve Selector to populate DKIM/Selector data field. You will need this string for your DNS record.

  5. The Selector data should be included in your DNS TXT record for: <Selector>._domainkey.<domain name>

You'll have to wait about one day until the DNS record spreads across the DNS server structure.

  1. Now every server, which performs DKIM verification should be able to authenticate your signed emails. You can use our DKIM signature verificator available at:

dkim-test (at) demo.icewarp (dot) com

It should auto-reply with the successful DKIM test results.



Example


I want to setup DKIM signature for domain:

Icewarpdemo.com

First I randomly choose the selector:

rtfm

then I generate the private key and retrieve selector data, which should look like this (it's one line):

v=DKIM1; k=rsa; n=512; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAP99+bJXKbnc6zr8o3YCR2SIxayvbB5DK4 a0S9aCB5H20WWuSMFp9I3smdgqTeEFFu6pooNC4G1WMu2rTyS2Ei8CAwE

then I publish this into DNS TXT record for:

rtfm._domainkey.Icewarpdemo.com

I wait until it's on all DNS servers and that's it.

 


Note
You should use Icewarp 9.1 or newer for creating DKIM signatures, because ther were some problems with previous versions.