Adding DKIM Verification Settings

Hosted Email Security verifies DKIM signatures in incoming email messages and allows administrators to take actions on messages that fail to pass signature verification. If a message's DKIM signature passes verification, the message will continue to the next step in the regular delivery process.

The DKIM verification settings apply only to the selected recipient domain.

  1. Go to Inbound Protection > Domain-based Authentication > DomainKeys Identified Mail (DKIM) Verification.
  2. Click Add.

    The Add DKIM Verification Settings screen appears.

  3. Select a specific recipient domain from the Domain name drop-down list.
  4. Select Enable DKIM verification.
  5. Optionally select Insert an X-Header into email messages.

    X-Header is added to indicate whether DKIM verification is successful or not.

    Here are some examples of X-Header:

    X-TM-Authentication-Results:dkim=pass; No signatures and verification is not enforced

    X-TM-Authentication-Results:dkim=pass; No processed signatures and verification is not enforced

    X-TM-Authentication-Results:dkim=fail; No processed signatures but verification is enforced

    X-TM-Authentication-Results:dkim=pass; Contain verified signature,, header.s=TM-DKIM_201603291435,

    X-TM-Authentication-Results:dkim=fail; No verified signatures

  6. Under Intercept, select an action that you want to take on a message that fails DKIM verification.
    • Do not intercept messages

    • Delete entire message

    • Quarantine

  7. Under Tag and Notify, select further actions that you want to take on the message.
    • Tag subject


      Tags can be customized. When selecting the Tag subject action, note the following:

      • This action may destroy the existing DKIM signatures in email messages, leading to a DKIM verification failure by the downstream mail server.

      • To prevent tags from breaking digital signatures, select Do not tag digitally signed messages.

    • Send notification

  8. Under Enforced Peers, add enforced peers to enforce DKIM verification for specific sender domains.
    1. Click Add.
    2. Specify a sender domain name and click Add.

      Each email message from the specified domain must meet specific criteria of the DKIM standard; otherwise, an action will be taken on the message.

      The following criteria must be met:

      • The sender domain must have a DKIM record.

      • There is at least one verified signature in the message.

  9. Click Add to finish adding the DKIM verification settings.