Email HostingControl PanelOther

DKIM Signature

Configure DKIM signatures for domains from the Qboxmail Control Panel and verify message authentication.

The DKIM signature (DomainKeys Identified Mail) is an email message authentication method that identifies the actual identity of the domain that sends the message and helps prevent spoofing on outgoing messages. All messages sent through Qboxmail SMTP servers are digitally signed, by default, with a shared DKIM signature to increase their reputation and ensure greater security, but you can also set up a custom DKIM signature for each domain.

What is a custom DKIM signature used for?

A dedicated DKIM signature can be useful to isolate your domain’s reputation from that of others using the shared signature. A custom signature is also required to enable specific services such as DMARC (Domain-based Message Authentication, Reporting & Conformance), a tool useful for countering email spoofing.

Add a custom DKIM signature

To add a custom DKIM signature, click Domains in the Control Panel sidebar, select the name of the domain for which you want to set the signature, then select Settings from the available tabs. Go to the domain Security settings and scroll to the Custom DKIM signature section. To enable the DKIM signature, click the Enable DKIM button, then follow the guided procedure to create the signature.

Step 1 - Generate the DKIM signature

  1. Click the Enable DKIM button and generate the selector and public key for your DKIM signature.

The selector is the first part (e.g. qbm1807252189._domainkey), while the public key is the part that starts with v=DKIM1; k=rsa; p=MIGfMA…

Step 2 - Edit your domain DNS settings

  1. Log in to your domain DNS management panel.
  2. Enter the selector as a TXT record in the subdomain field (the name may vary depending on the DNS panel).
  3. Enter the full public key as a TXT record in the value field.
Info

It may take up to 24 hours for the newly added record to become active.

Step 3 - Verify the signature DNS

  1. Open the security settings of the domain for which you are enabling the custom signature. In the Custom DKIM signature section, click the Verify DKIM configuration button.

The system will immediately check the records entered in DNS. If the check is successful, your custom DKIM signature will become active within a few minutes. As a result, all messages sent through Qboxmail SMTP servers with a sender address from your domain will contain the custom digital signature.

Info

If the verification procedure is not successful, check that the DNS settings are correct and, if the issue persists after 24 hours, contact our technical support. An unverified DKIM signature is automatically removed from the system after 7 days.

Warning

If the TXT records in the domain DNS related to the DKIM signature are removed, our SMTP servers will continue to sign emails, but the signature will no longer be verifiable.

If you remove the TXT records from DNS, you must also remove the custom DKIM signature from the Qboxmail Control Panel.

Verify the DKIM signature with Email log analysis

Email log analysis, the system that lets you analyze email traffic logs in real time, can verify that the custom DKIM signature is correctly applied to your domain or, alternatively, can verify that the shared signature is still present.

To view which DKIM signature is applied to messages:

  1. Click Email log analysis in the Control Panel sidebar
  2. Select Sent Mail as the action type
  3. Enter the name of the domain whose logs you want to view
  4. Enter the name of an email account whose logs you want to view

After completing the fields, the search results will appear, if any. For each sent email, by clicking Show Details, you can view the fields that contain the details of the domain and DKIM selector applied to that specific sending:

  • DKIM selector
  • DKIM domain

Delete a custom DKIM signature

To delete a custom DKIM signature, click Domains in the Control Panel sidebar, select the name of the domain for which you set the signature, then select Settings from the available tabs. Go to the domain Security settings and, in the Custom DKIM signature section, click the Disable DKIM button.

Your custom DKIM signature will be removed from the system within a few minutes and emails will go back to being signed with the shared signature.

On this page