DKIM

DomainKeys Identified Mail (DKIM) is a method for associating a domain name with an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

DomainKeys validate that the domain of the from address matches the domain that is sending the message. DomainKeys do not validate the domain of the return path. You must specify the domain that you will use in the from address (From: header) of your messages. (If you will be sending out mail from multiple domains, you will need to go through this process for each one.)

To sign your mails you need to insert a DKIM private key for each outgoing (from address) domain in the Mail Delivery Settings in the Application Panel, and publish the corresponding DKIM public key in the DNS of the outgoing domain.

Below we describe how you generate a DKIM key set.

Keys are commonly created using openssl (https://www.openssl.org). On MS Windows, install openssl from https://www.openssl.org/community/binaries.html.

DKIM using openssl.

Create your private and public key:

1. Generate Private Key (in PEM format and DER format)

openssl genrsa -out private.key.pem 2048
openssl pkcs8 -topk8 -nocrypt -in private.key.pem -out private.key.der -outform der

  

2. Generate Public Key

openssl rsa -pubout -in private.key.pem

The public key looks like this:

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6l
MIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7E
XzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB
-----END PUBLIC KEY-----
 

3. Create a DNS record

Define a selector for your DomainKey. In this sample we use "mailfromcrossmarx".

Copy the data of the public key into a TXT record for your domain and remove the

-----BEGIN PUBLIC KEY----- and

-----END PUBLIC KEY-----

lines.

Now create a DNS Record as:

 

mailfromcrossmarx._domainkey IN TXT "v=DKIM1; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6lMIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7EXzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB; s=email" 

The common format of a DNS record used for DKIM is:

<selector>._domainkey IN TXT v=DKIM1;h=sha256;k=rsa;s=*;t=s;p=<publicKey>

Or use an online tool to create a DNS record from the public key
https://www.dnswatch.info/dkim/create-dns-record

CHECK the validity of your DKIM public key in your DNS with
https://www.mail-tester.com/spf-dkim-check

SOME DNS-PROVIDERS HAVE ISSUES WITH "+" CHARACTERS IN THE PUBLIC KEY
Generate a new private key and check that the public key does not contain + signs.

4. Insert the DKIM private key and selector in the Mail Delivery Settings

First convert the binary file private.key.der to a readable format using

base64 -w 0 private.key.der > private.key.der.base64

Create a new Mail Delivery Settings record and paste the contents of private.key.der.base64 into the "DKIM private key" field and the selector into the "DKIM selector" field.
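
Steps 1 to 3 as a script, added here as an example and not part of the original instructions: it strips the PEM header lines, builds the TXT record in the layout of the sample record above, and counts "+" characters. It goes beyond the steps above by splitting long values into 255-character TXT strings; the function names and the file name dkim_record.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): step 3 as a script.

# The sample public key printed on this page, embedded so the script runs offline.
sample_pem() {
cat <<'EOF'
-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6l
MIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7E
XzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB
-----END PUBLIC KEY-----
EOF
}

# Read a PEM public key on stdin; drop the BEGIN/END lines and join the rest.
pem_to_p() {
    grep -v -e '^-----' | tr -d ' \t\r\n'
}

# Number of "+" characters in a p= value (the page warns about these).
count_plus() {
    printf '%s' "$1" | tr -cd '+' | wc -c | tr -d ' '
}

# Quote a TXT value as strings of at most 255 characters each, the DNS limit
# for one TXT string; a 2048-bit key does not fit in a single string.
txt_strings() {
    printf '%s\n' "$1" | fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ' | sed 's/ $//'
}

# dkim_record SELECTOR P: zone-file line in the layout of the page's sample.
dkim_record() {
    printf '%s._domainkey IN TXT %s\n' "$1" "$(txt_strings "v=DKIM1; p=$2; s=email")"
}

# make_record SELECTOR: steps 1-3 with a fresh key (needs openssl).
make_record() {
    ( umask 077; openssl genrsa -out private.key.pem 2048 ) || return 1
    p=$(openssl rsa -pubout -in private.key.pem | pem_to_p) || return 1
    [ "$(count_plus "$p")" -eq 0 ] || echo "note: public key contains + signs" >&2
    dkim_record "$1" "$p"
}

# Usage: sh dkim_record.sh generate <selector>
if [ "${1:-}" = "generate" ]; then make_record "${2:?selector required}"; fi
```

The private key is written with umask 077 so that only the owner can read private.key.pem.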