Set up DKIM

If your sending domains already sign with DKIM, then this should not be changed. We will forward the DKIM signed messages along to the recipient.

If there is no DKIM signing, you can decide to either sign this on your sending MTA, or sign with Mail Assure. It is not compulsory to sign with DKIM, however it often helps to "authenticate" your senders as much as possible.

For further information on DKIM including why we recommend using it and how it works, see DKIM Certificate Generation.

Generate a DKIM certificate in the Mail Assure Control Panel

  1. Login to Mail Assure to the Domain Level Control Panel
  2. Select Outgoing > DKIM

  3. Choose the DKIM key length

    The recommendation is to use 2048, if your DNS accepts it

  4. Enter the DKIM selector and click on Generate and save new private/public pair

    5. The DKIM selector can be whatever you want it to be.

  5. Once the key has been generated, create a TXT DNS record on the hostname, for example for:

    selector1._domainkey.example.invalid

    Where:

    • selector1 is what was entered into the DKIM selector field in Mail Assure
    • _domainkey remains as it is
    • example.invalid is replaced by your domain name

    And enter value of this DNS record equal to the key given in the green box in Mail Assure e.g.

    v=DKIM1;
	k=rsa;
	p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMXXXXXXcqo8bs5hLiVqaraXopOAxV+1RAD5PolF4r7u1UPMmEnBo+ncGRxRN5W7vc01yeePr5D118gJPIFaeWz0fLKFORPYr44dWqCJuWhVz/BOg/+ih+1z1kCu6pfqP3Fkvh10ALsv8bDQRsfLY62s2Rc+r+1hJlVH5KpOxQ9BNDWO2g51iMjIJ4xCSnaNavZqEHyQSUmmi/mtJa/8tNRZ/ZxQOOh76mz2/9tlKHynns58cjfeVD+OszAdMjVxWigDCYIuv1XeLqjwZcrroPBJ4o/KAS/typvOn3BCsgSr5L2UmJmZnzSEhyiFGcwCT8owIDAQAB;
  6. In the Mail Assure's Outgoing > Manage Outgoing Users/Authentication page for your Outgoing User/Authentication Method (see Outgoing Users/Authentication Methods), edit this to enter what was used in step #4 in the DKIM Selector field

    If you do not change the DKIM selector in the Outgoing Settings page to the one used in the DKIM key generation page, no DKIM signing will be done by the filter.

Any domain that sends using outgoing authentication that has this selector, should sign with this (assuming they do not have their own DKIM).

For further information on DKIM, see http://dkim.org/info/dkim-faq.html