DKIM DomainKeys Identified Mail

DKIM is a mechanism to check if an incoming email's FROM address is forge.

DKIM adds a special header to every out-bound email, which can be used to confirm the message authenticity. Xeams can not only check the DKIM signature of an incoming email from the Internet, it can also sign an outbound message with a private key that can be verified by a receiving server.

Enabling DKIM in Xeams

  • Login as admin to Xeams' web interface
  • Click DKIM under Filter Management
  • The following page has two sections:
    • You can specify a spam score on the left hand side for incoming emails. This score is assigned to a message fails a DKIM authentication. This score is only assigned if a signature is found but is invalid.
    • Specify domains that you would like to sign when sending outbound emails on the right hand side

Preparing your domain for outbound messages

To add your domain, simply specify your domain name along with a selector value. Selector can be any arbitrary value and its purpose is to differentiate multiple SMTP Servers in your company. Consider a scenario where you have two SMTP servers: Xeams and Exchange and outbound emails are sent from both of them. In this case you can use the word "xeams" for the Selector in Xeams and "Exchange" for the other SMTP server.

Xeams automatically creates a pair of Private/Public keys in the background. These keys are saved in $INSTALL_DIR\config\dkimKeys folder. It is strongly recommended you backup this folder. To view the public key value for your domain, click View Details for the desired domain name.

When a domain is added in Xeams, it remains Inactive until the public key is entered in your DNS server. This is done by design to avoid signing an outbound email without a DNS entry.

How to add your public key in a DNS server

You will need to add a TXT record in your DNS server. The host name for this TXT record must be:
YourSelector._domainKey.YourDomain.com
Copy/paste the value of your public key from the "View Details" screen for your domain.