Configuring a DKIM Signature

You can add or edit a DKIM signature that Deep Discovery Email Inspector uses to all outgoing messages from a specific domain.

  1. Go to Administration > Sender Filtering/Authentication > DKIM Signatures.
  2. Do one of the following:
    • Click Add to add a new signature.

    • Click a domain to edit the signature.

  3. Select Enable DKIM signature.
  4. Configure the general settings.
    Table 1.

    Field

    Description

    Domain

    Type the domain where messages are sent. For example, domain.com or *.domain.com

    SDID

    Type the signing domain identifier. For example, domain.com.

    Headers to sign

    Select one or more headers to sign, or add a custom header.

    Private key

    Select one of the following:

    • Import existing key: Select this option and click Select to locate a private key file to import.

    • Generate: Select this option and select a key length have Deep Discovery Email Inspector create a private key.

      Note:

      After saving the settings, use the generated DNS TXT record name and DNS TXT record value to publish the key pair to your DNS server.

  5. (Optional) Configure the advanced settings.
    Table 2.

    Field

    Description

    Header canonicalization

    Select a cononicalization algorithm:

    • Relaxed: Select this option to allow common modifications such as whitespace replacement or header field line rewrapping.

    • Simple: Select this option to allow no modifications in the header.

    Body canonicalization

    Select a cononicalization algorithm:

    • Relaxed: Select this option to allow common modifications such as whitespace replacement.

    • Simple: Select this option to allow no modifications in the body.

    Signature expiration

    Type the number of days that the signature will be valid.

    Body length

    Type the number of bytes allowed for the email body.

    AUID

    Type the Agent or User Identifier on behalf of which SDID is taking responsibility.

    Sub-domain exceptions

    Type a sub-domain to be excluded from DKIM signing and press ENTER.

  6. Click Save.
    Note:

    If you specify Deep Discovery Email Inspector to create a private key, use the generated DNS TXT record name and DNS TXT record value to publish the key pair to your DNS server.