What is a DKIM record and how to create it
Question: What is a DKIM record and how to create it.

Answer:

What does DKIM do?

DKIM is a process that validates the sending domain name associated with an email message through cryptographic authentication. It achieves this by inserting a digital signature into the message header, which the receiving host later verifies to validate the authenticity of the sending domain.

What to consider before creating the DKIM record?

Step #1: Determine which domains are allowed to send outbound mail on your behalf.

Step #2: Create the DKIM public/private keys and the policy record. The 'public' key will be used in your public-facing DNS TXT record along with what's called a 'policy record'. The 'private' key will be used on your sending MTA. When an outbound message is sent from the sending MTA, the MTA uses the private key to sign the message and adds the resulting signature to the message header, where the receiving domain validates it by way of the public key. This uses a new domain name identifier to digitally sign the message.

Some online wizards can assist with the public/private key generation and policy record creation for DKIM. Just specify your domain name and the selector being used.

http://www.socketlabs.com/services/dkwiz
http://www.port25.com/support/support_dkwz.php

What is a DKIM "selector"?

A selector is an arbitrary string added to the domain name to help identify the DKIM public key. It is part of the DKIM signature and is inserted into the DKIM-Signature header field. During the validation process, the selector adds an additional name component, allowing for different DNS query names. Different selectors under the same domain name have different DKIM DNS records. For example: eslab.us._domainkey.example.com

Step #3: Create TXT records using the DKIM information created from these wizards. Be sure to include DKIM records for all of your applicable sending domains. These records will be included in your public-facing DNS record for each sending domain.

There are basically two types of DNS records used by DomainKeys: policy records and public key records:

1) Policy records: A domain name using DomainKeys should have a single policy record configured. This is a DNS TXT record with the name "_domainkey" prefixed to the domain name - for example "_domainkey.example.com". The data of this TXT record contains the policy, which is basically either "o=-" or "o=~". "o=-" means "all e-mails from this domain are signed", and "o=~" means "some e-mails from this domain are signed". Additional fields for test (t), responsible e-mail address (r), and notes (n) may also be included - for example "o=-;

Step #4: Be sure that your existing sending MTAs support DKIM. If not, upgrade them so that they have DKIM support. The sending MTAs are the last-touch systems of your outbound mail flow, and this is where DKIM signatures will be attached to the outbound messages.

An agent in the message transit path can sign the message content and selected header fields. The signature information is placed into a field of the RFC2822 message header. DKIM defines an authentication mechanism for email, using:

· A domain name identifier
· Public-key cryptography
· A DNS-based public key publishing service

How is a DKIM signature recorded in a message?

A DKIM signature is recorded as an RFC2822 header field for the signed message. For example:

DKIM-Signature: a=rsa-sha1; q=dns; d=example.com; firstname.lastname@example.org; s=jun2005.eng; c=relaxed/simple; t=1117574938; x=1118006938; h=from:to:subject:date; b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSb av+yuU4zGeeruD00lszZVoG4ZHRNiYzR

Add a 'TXT' type DNS record, set value to the line
· Click the Add A TXT Record button
· In the Name field enter a string that will distinguish this key from any others, also known as a selector prefix, e.g. google._domainkey
· In the Data field enter your public encryption key, e.g. v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeIhtCv3vUinyhKiKtZ8efjHGGo 8gE1T+o7gLrvo6yRtdz9ICe6Fz5sgz0WYFW5nCV4DmaTcS25TfgWKsLggGSBdDxzShyvg dKJkG3b4+73rT/5opnRceqQf1qndnMZfkb/0/YciMKNQmigj9IGwKypj6CoIr1s46jRG y4Ws7LQIDAQAB
· Click Add TXT Record and allow up to 24hrs for the changes to take effect

For more reference, you can go to: http://www.dkim.org/
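The following Python sketch is an added example, not SonicWall code. It parses the tags of the DKIM-Signature header shown above, derives the DNS name a verifier queries from the selector (s=) and domain (d=), and sanity-checks a key TXT record before it is published. The function names, the findings wording and the sample key record are assumptions made for illustration.

```python
import base64
import re

def parse_tags(value):
    """Parse a DKIM 'tag=value; tag=value' list (header field or TXT record)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:  # segments without '=' are malformed and skipped
            tags[name.strip()] = val.strip()
    return tags

def key_query_name(sig):
    """DNS name the verifier queries: <selector>._domainkey.<domain>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def check_signature(sig, now):
    """Return findings for a parsed DKIM-Signature; 'now' is a Unix timestamp."""
    findings = []
    if sig.get("a") == "rsa-sha1":
        findings.append("a=rsa-sha1 is deprecated (RFC 8301); sign with rsa-sha256")
    if "x" in sig and int(sig["x"]) < now:
        findings.append("signature expired (x= is in the past)")
    return findings

def check_key_record(txt):
    """Return findings for the TXT record published at the query name."""
    rec = parse_tags(txt)
    findings = []
    if rec.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1")
    if rec.get("k", "rsa") not in ("rsa", "ed25519"):
        findings.append("unsupported key type k=" + rec["k"])
    p = "".join(rec.get("p", "").split())  # whitespace from wrapped lines is allowed
    if not p:
        findings.append("p= is empty or missing: key revoked or record incomplete")
    elif not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", p) or len(p) % 4:
        findings.append("p= is not well-formed base64 (doubled 'p=' or stray text?)")
    return findings

# Tags from the example header above (b= omitted); the key records are constructed.
SIG = parse_tags("a=rsa-sha1; q=dns; d=example.com; s=jun2005.eng; "
                 "c=relaxed/simple; t=1117574938; x=1118006938; h=from:to:subject:date")
GOOD = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"constructed, not a real key").decode()
BAD = GOOD.replace("p=", "p=p=")  # constructed copy-paste error: doubled 'p='
```

Running `check_key_record` on the exact string you intend to paste into the Data field catches formatting mistakes before the record is published and before receivers start failing verification.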