DKIM DomainKeys Identified Mail
is a mechanism to
check if an incoming email's FROM address is forge.
DKIM adds a special header to every out-bound email, which can be used to confirm the message authenticity. Xeams can not only check
the DKIM signature of an incoming email from the Internet, it can also sign an outbound message with a private key that can be verified
by a receiving server.
Enabling DKIM in Xeams
- Login as admin to Xeams' web interface
- Click DKIM under Filter Management
- The following page has two sections:
- You can specify a spam score on the left hand side for incoming emails. This score is assigned to a message fails a
DKIM authentication. This score is only assigned if a signature is found but is invalid.
- Specify domains that you would like to sign when sending outbound emails on the right hand side
Preparing your domain for outbound messages
To add your domain, simply specify your domain name
along with a selector
value. Selector can be any arbitrary
value and its purpose is to differentiate multiple SMTP Servers in your company. Consider a scenario where you have two
SMTP servers: Xeams and Exchange and outbound emails are sent from both of them. In this case you can use the word "xeams"
for the Selector in Xeams and "Exchange"
for the other SMTP server.
Xeams automatically creates a pair of Private/Public keys in the background. These keys are saved in
folder. It is strongly recommended you backup this folder. To view the public key value for your domain, click View Details
the desired domain name.
When a domain is added in Xeams, it remains Inactive
until the public key is entered in your DNS server. This is done by design
to avoid signing an outbound email without a DNS entry.
How to add your public key in a DNS server
You will need to add a TXT record in your DNS server. The host name for this TXT record must be:
Copy/paste the value of your public key from the "View Details"
screen for your domain.