The DKIM signature (DomainKeys Identified Mail) is an email authentication method that identifies the actual identity of the domain that sends the message and helps prevent spoofing on outgoing messages. All messages sent by Qboxmail SMTP are digitally signed, by default, with a shared DKIM signature, in order to increase their reputation and ensure greater security, but it is also possible to set a personalized DKIM signature for each domain.
What is a custom DKIM signature for?
A dedicated DKIM signature can be useful for isolating the reputation of one's domain from that of others using the shared signature. A custom signature is also required to activate specific services such as DMARC (message authentication, domain-based reporting and compliance), a useful tool to combat email spoofing.
Add a custom DKIM signature
To add a custom DKIM signature, click on Domain in the control panel sidebar, select the domain name for which you want to set the signature, select the Settings item from the present tabs. Go to the Security domain settings and in the Custom DKIM Signature section and click on the Activate DKIM button, then follow the wizard to create the signature.
- Domains > Domain name > Settings > Security > Custom DKIM signature > Enable DKIM
Step 1: generate the DKIM signature
- Click on the Activate DKIM button and generate the selector and public key of your DKIM signature.
The selector is the first part (ex.
Qbm1807252189._domainkey), while the public key is the part that starts with
v = DKIM1; k = rsa; p = MIGFMA ...
Step 2: Change the DNS parameters of your domain
- Connect to the DNS management panel of your domain.
- Enter the selector as a TXT type record in the subdomain field (the name may vary depending on the type of DNS panel).
- Enter the public key along its entire length, as a TXT record, in the value field.
It may take up to 24 hours for the newly entered record to be activated.
Step 3: Verify the DNS of the signature
- In the Custom DKIM signature section of the security settings of the domain for which you are activating the custom signature and click on the Check DKIM configuration button.
The system will immediately check the records entered in the DNS, in case of a positive response your personalized DKIM signature will be active within a few minutes and all messages sent via Qboxmail SMTP, with the sender an address of your domain, will contain the personalized digital signature.
If the verification procedure is not successful, check that the DNS settings are correct and, if the problem persists after 24 hours, contact our technical support. An unverified DKIM signature is automatically removed from the system after 7 days.
In the event that the TXT records, present in the DNS of the domain, relating to the DKIM signature are removed, our SMTP will continue to sign the emails but the signature will not be verifiable.
If it was necessary to remove the TXT records from the DNS, you will also need to remove the custom DKIM signature from the Qboxmail control panel.
Check the DKIM signature via ETLive
Through ETLive, the system that allows you to analyze email traffic logs in real time, you can verify that the personalized DKIM signature is correctly applied to your domain or, alternatively, if the shared signature is still present.
To view which DKIM signature is applied to messages:
- Click on the ETLive entry in the control panel sidebar
- Select the type of action Mail Send
- Enter the name of the domain whose logs you want to view
- Enter the name of an e-mail account whose log you want to view
Once the fields are complete, the search results will appear. For each email sent, by clicking on Show details, it will be possible to view the fields containing the details of the DKIM domain and selector applied to the specific send:
- DKIM selector
- DKIM domain
Delete a custom DKIM signature
To delete a custom DKIM signature click on the Domini entry in the control panel sidebar, select the domain name for which the signature was set, select the Settings item from the present tabs. Go to domain settings Security and in the Custom DKIM Signature section and click on the Disable DKIM button.