What does DKIM do for me and why should I use it?

Using DKIM for your outgoing messages offers several advantages, e. g.:

Trust building
The receiving mail server can verify if the incoming message was actually sent by the sender.
Integrity
DKIM enables the recipient to ensure that important header information (such as subject) and the content of the message have not been changed.
Reputation boost
The probability of your email being detected as spam decreases.
Security
DKIM reduces the likelihood of your domain being misused for phishing or email spoofing

If a spammer attempts to misuse your domain or e-mail address to send his or her messages, DKIM reduces the chance that the message will actually reach the recipient. Incoming messages are checked by most mail services (such as Yahoo!, GMail, Web.de) for a valid DKIM signature.

How does DKIM work?

When sending a message, you automatically add a DKIM signature to the e-mail header, which contains a hash value of the message content and header information. If the receiving mail server supports DKIM and searches for incoming messages, it will react as follows:

The sending mail server adds a digital signature to the email in the message header.
The receiving mail server retrieves the public key from the DNS zone of the sending domain and decodes the signature in the email.
If the data matches, the email is considered authenticated

How a mail server reacts when it detects an invalid signature depends on the configuration of the receiving mail server or the DMARC entry of the sending domain.

DKIM can only be used with EuropeanMX if you use the outgoing filter for your domain!

What we sign in a message by default?

In addition to the content of your message, we will also sign the following header information:

from
date
subject
reply-to-too
transmitter
to
c
bcc
message-id
in-reply-to
reference
content type
mime-version
content transfer encoding

How can I configure DKIM via the Admin Panel?

A

Login to the Admin Panel

For instructions on how to log into the admin panel of EuropeanMX, please see our FAQ article "How can I log in to the Admin-Panel (web interface of the filter)?".

B

Generate DKIM certificate

Under "Outgoing" click on "DKIM".
Enter the desired DKIM selector. The name of the selector is not mandatory and can be freely chosen. In our example we use the selector "test".
Click on "Generate and save new private/public pair". The private key is stored on our server. The public key must now be propagated in the DNS settings.

C

Propagating the public key in DNA

In order for the public key to be retrieved by the receiving mail server, it must be propagated in the DNS settings of your domain. The TXT record should then look like this:

test._domainkey.example.com IN TXT v=DKIM1; g=*; k=rsa; p=[public key in one line];

The entry must be made as a TXT record. Use instead of "test" the selector you have defined in Step2.

D

Connect the outgoing user with DKIM

Now that the key can be retrieved from receiving mail servers, the outgoing user must be connected to the DKIM selector in the webinterface.

Select the desired outgoing user under "Outgoing" > "Manage User".
Enter the previously configured selector ("test" in this example) under "DKIM Selector".
Save the settings.

Once the user has been linked to the DKIM selector, the DKIM signature is added to the header of each outgoing message that has been authenticated with this user (assuming you do not use a separate DKIM certificate). The receiving mail server can decode the signature using the public key and confirm authenticity.

For more information about DKIM we recommend the following websites: