Exim/DKIM

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing.

Initial Setup
First you need to create an empty file at.

Then, edit  and addundefined Finally reload the configuration by using

Add Domain
First choose a selector. DKIM allows each domain to have multiple keys (to allow key rotation, multiple senders…). Each key is identified by a selector. For the example, we will use example2017.

Then create the key

Next step is to create a DNS record. The value after  is the public RSA key from the command above

Wait for DNS propagation of the new record.

Finally add or replace the line related to  in

Key Rollover
As with any cryptographic material, you need to rotate the key regularly. A safe default is once a year.

The process for a key rollover is the same as the initial domain creation. The additional step is that after about a week, the old key should be removed from the DNS.

Test
You can test your signatures server by sending a message to [mailto:check-auth@verifier.port25.com check-auth@verifier.port25.com]. See details page for advanced options.