Protection against spoofing: DKIM integration on Collax servers
23.11.2023
Stefan Kaysersberg
Stefan Kaysersberg
What is DKIM?
DomainKeys Identified Mail (DKIM) is a process that adds a signature to emails in order to clearly show the recipient the origin of the email. When using DKIM, the sender signs their emails and provides the corresponding public key via the TXT record of the same domain. The recipient can then verify the authenticity of the email on receipt by checking the signature and the key in the DNS.
Here are the basic aspects of DKIM:
Digital signature
The sender of an email can digitally sign their message by using a private key. This signature is added as part of the email header.
Public key
The public key used to verify the digital signature is published in the sender’s DNS (Domain Name System).
Verification
The recipient can retrieve the public key from the DNS and check the digital signature. If the signature is valid, this indicates that the email actually originates from the specified sender and has not been manipulated during transport.
Authentication
DKIM provides a method for authenticating emails to prevent spoofing and phishing. It helps to ensure the integrity of email communication.
Reduction of spam
As DKIM confirms the authenticity of emails, this can also help to reduce the likelihood of legitimate emails being flagged as spam.
Configuration on Collax servers
To configure DKIM for outgoing emails, use the option Sign outgoing emails with DKIM. By activating this option, a DKIM signature is automatically generated for all outgoing emails and inserted in the header. Outgoing emails are all messages that are received on the submission port, originate from a network that is authorised for mail relay or were sent by an authenticated email user (e.g. web mailer).
You can find this configuration option under Mail and Messaging -> Spam Filter in the Reputation Services tab under DKIM.
A DNS entry for the DNS provider is created (as an example). After activation, the DNS entry for the mail domain can be downloaded as a text file. The DNS entry contains, among other things, the public DKIM key and the host name in the form main.dkim_1234567890._domainkey.example.com.
Use the steps described in the next section to create the corresponding DNS entry with your provider.
Create DKIM record with DNS provider
To configure DKIM for outgoing emails, make sure that the public DKIM key is stored in the public DNS at the DNS provider for the corresponding mail domain.
To do this, create a TXT entry for the host with the name “main.dkim_1234567890._domainkey” for the mail domain “example.com”. The value of this entry contains the public DKIM key, which can look like this:
v=DKIM1;p=v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkV4LvgznQKhoWN4MUyljoMjpq
tigCBsZiMV1N3+Nwk+mj/IAGiqqKppKgjRF4avUTPxy8jXANxRbRLw5wHs8sHr74
L+Xzy3m9NsP5RPTZXWMud0IW+jOvNw/UZRib50KudPM4ptNxrOESyWQtd4jT/SL9
Nk5MjEzMAUVSsZ3NDQIDAQAB
Increase the security of your outgoing emails on all Collax servers with DKIM.
You can find more information about our server solutions and their many possible applications on the product page Collax server solutions.