Configuring a DKIM Signature

Procedure

1. Go to Administration → Sender Filtering/Authentication → DKIM Signatures.
2. Do one of the following:
   • Click Add to add a new signature.
   • Click a domain to edit the signature.
3. Select Enable DKIM signature.
4. Configure the general settings.

   Field	Description
   Domain	Type the domain where messages are sent. For example, domain.com or *.domain.com
   SDID	Type the signing domain identifier. For example, domain.com.
   Headers to sign	Select one or more headers to sign, or add a custom header.
   Private key	Select one of the following: Import existing key: Select this option and click Select to locate a private key file to import. Generate: Select this option and select a key length have Deep Discovery Email Inspector create a private key. Note After saving the settings, use the generated DNS TXT record name and DNS TXT record value to publish the key pair to your DNS server.

5. (Optional) Configure the advanced settings.

   Field	Description
   Header canonicalization	Select a cononicalization algorithm: Relaxed: Select this option to allow common modifications such as whitespace replacement or header field line rewrapping. Simple: Select this option to allow no modifications in the header.
   Body canonicalization	Select a cononicalization algorithm: Relaxed: Select this option to allow common modifications such as whitespace replacement. Simple: Select this option to allow no modifications in the body.
   Signature expiration	Type the number of days that the signature will be valid.
   Body length	Type the number of bytes allowed for the email body.
   AUID	Type the Agent or User Identifier on behalf of which SDID is taking responsibility.
   Sub-domain exceptions	Type a sub-domain to be excluded from DKIM signing and press ENTER.

6. Click Save.

   Note If you specify Deep Discovery Email Inspector to create a private key, use the generated DNS TXT record name and DNS TXT record value to publish the key pair to your DNS server.