Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
  - Capture ATPMulti-engine advanced threat detection
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
  - Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Email Security
  - Email SecurityProtect against today’s advanced email threats
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
MANAGED SERVICES
Contact Sales

English English en

Support

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Management and Reporting

What is DKIM record and how to create it?

12/20/2019 1218 56268

DESCRIPTION:

What does DKIM do?
DKIM is a process to validate sending domain names associated to email messages through cryptographic authentication. It achieves this by inserting a digital signature into the message header which is later verified by the receiving host to validate the authenticity of the sending domain.
What to consider before creating the DKIM record?
Step 1: Determine which domains are allowed to send outbound mail on its behalf.
Step 2: Create the DKIM public/private keys and the policy record. The ‘public’ key will be used in your public-facing DNS TXT record along with what’s called a policy record.

The ‘private’ key will be used on your sending MTA. When an outbound message is sent from the sending MTA, it will add the private key to the message header for identification and validation by the receiving domain by way of the public key. This uses a new domain name identifier to digitally sign the message.

Some online wizards that you can use to assist with the public/private key generation and policy record creation for DKIM. Just specify your domain name and the selector being used.
http://www.socketlabs.com/services/dkwiz

Step 3:Create TXT records using the DKIM information created from these wizards. Be sure to include DKIM records for all of your applicable sending domains. These records will be included in your public facing DNS record for each sending domain. There are basically two types of DNS records used by Domain Keys; policy records and public key records.

Policy records:
A domain name using Domain Keys should have a single policy record configured.
This is a DNS TXT-record with the name "_domainkey" prefixed to the domain name - for example "_domainkey.example.com". The data of this TXT-record contains the policy which is basically either "o=-" or "o=~". "o=-" means "all e-mails from this domain are signed", and "o=~" means "some e-mails from this domain are signed". Additional fields for test (t), responsible e-mail address (r), and notes (n) may also be included - for example "o=-;

Step 4:Be sure that your existing sending MTA’s support DKIM. If not, upgrade them them so that they will have DKIM support. The sending MTA’s are your last touch systems of outbound mail flow and this is where DKIM signatures will attached to the outbound messages. An agent in the message transit path can sign the message content and selected header fields. The signature information is placed into a field of the RFC2822 message header.

DKIM defines an authentication mechanism for email, using:
A domain name identifier
Public-key cryptography
A DNS-based public key publishing service.
What is a DKIM "selector"?
A selector is arbitrary string appended to the domain name, to help identify the DKIM public key. It is part of the DKIM signature, and is inserted into the DKIM-Signature header field.
During the validation process, the selector adds an additional name component, allowing for differential DNS query names. There are varying DKIM DNS records associated with different selectors, under the same domain name.
EXAMPLE: eslab.us._domainkey.example.com.
How is a DKIM signature recorded in a message? A DKIM signature is recorded as an RFC2822 header field for the signed message.
EXAMPLE:
DKIM-Signature a=rs-sha1; q=dns;
     d=example.com;
     i=user@eng.example.com;
     s=jun2005.eng; c=relaxed/simple;
     t=1117574938; x=1118006938;
     h=from:to:subject:date;
     b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSb
     av+yuU4zGeeruD00lszZVoG4ZHRNiYzR

Add a 'TXT' type DNS record, set value to the line
Click the Add A TXT Record button
In the Name field enter a string that will distinguish this key from any others, also known as a selector prefix, e.g. Google._domainkey
In the Data field enter your public encryption key

EXAMPLE: v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeIhtCv3vUinyhKiKtZ8efjHGGo8gE1T+o7gLrvo6yRtdz9ICe6Fz5sgz0WYFW5nCV4DmaTcS25TfgWKsLggGSBdDxzShyvgdKJkG3b4+73rT/5opnRceqQf1qndnMZfkb/0/YciMKNQmigj9IGwKypj6CoIr1s46jRGy4Ws7LQIDAQAB
Click Add TXT Record and allow up to 24hrs for the changes to take effect
For more reference, you can go to:http://www.dkim.org/

Was This Article Helpful?

Yes No

Not Finding Your Answer?

ASK THE COMMUNITY

Stay In Touch

Email Address*
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time at Manage Subscriptions.
Country
Company
States
Dnb- ZIP
Dnb- Phone
elqCampaignId
elqTrackId
utm_campaign
utm_medium
utm_source
utm_term
utm_content
gclid
sfdc_campaign_id
DnB - Address
DnB - First Name
DnB - Last Name
DnB - Duns
DnB - Global Ult (HQ) DUNS
DnB - Global Ult (HQ) Company
DnB - Employee Count
DnB - Trade Name
DnB - Currency
DnB - Vanity Title
DnB - Country
DnB - State
DnB - Zip
DnB - City
DnB - Global Employee Count
DnB - SIC Code
DnB - SIC Description
DnB - NAICS Code
DnB - NAICS Description
DnB - Revenue
DnB - Domain
DnB - Business Phone
DnB - Company
DnB - DataSource
DnB - DMACode
DnB - EmployeeRange
DnB - Fortune1000
DnB - Fortune200
DnB - Industry
DnB - Postal Code
DnB - PrimarySIC
DnB - SubIndustry
DnB - PrimaryNAICS
DnB - StockTicker
DnB - Revenue Range
DnB - State or Province
DnB - Website
Phone
This field is for validation purposes and should be left unchanged.

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Cloud Platform

Federal

Partner Portal

Support Portal

What is DKIM record and how to create it?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch

What is DKIM record and how to create it?

Categories

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch