Mastering Email Security: Unveiling the Secrets of DKIM Signatures
- /
- 2020-03-18
DKIM
Email authentication DomainKeys Identified Mail (DKIM).
With ServerMX you won't have to worry about configuring DNS values or generating keys on your own.
When you send an email through ServerMX, the email is signed with ServerMX's private key. This digital signature is a unique code generated from the email's content, including the subject, body, and attachments. The private key used for this signature is known only to your email service provider.
When the recipient's email server receives your email, it verifies the email's authenticity using DKIM. This verification process involves obtaining the public key associated with the domain name 'servermx.com,' which is publicly available in the DNS records of the 'servermx.com' domain.
If the decryption process is successful and the calculated hash value from the email's content matches the one in the DKIM signature, it indicates that the email hasn't been tampered with during transit.
Set Up Your Own DKIM Key
Instead of using ServerMX's key, a user may need to sign emails with their own domain name, which involves generating keys for the customer's domain. Utilizing its own DKIM key doesn't enhance security but certifies that the sender's domain matches the one signing the email.
To set up a custom DKIM configuration, you'll first require your own public key, which should then be added to your DNS as a TXT record.
For example:
Step 1: keys generation. The hosting email provider generates the keys by giving as input your domain name.
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD3/pOlGgOukTnE2a8K0emn3ZQc qlCPMjVqiGttC9gc5hJOXA0dHbuCYyo2Pp27nCOs/JCiokZS24W7UJADsXYjMUmT tSsZZSu7A+b/MD3eLM6U9cgRfWvzS0WA1aPvV6qVjBthWusmaqeYjFXnK7XkoItR C5akXhasectmR8os6QIDAQAB -----END PUBLIC KEY-----
Step 2: You, (the owner of the domain) has to put the public-key in a TXT record
Setting Up Your DNS record
Additional information includes the DKIM selector, which identifies the TXT record in your DNS. For instance, in the case of ServerMX, the selector is 'servermx'.
This means the txt records DKIM is
servermx._domainkey.<yourdomainname>
v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD3/pOlGgOukTnE2a8K0emn3ZQcqlCPMjVqiGttC9gc5hJOXA0dHbuCYyo2Pp27nCOs/JCiokZS24W7UJADsXYjMUmTtSsZZSu7A+b/MD3eLM6U9cgRfWvzS0WA1aPvV6qVjBthWusmaqeYjFXnK7XkoItRC5akXhasectmR8os6QIDAQAB
In this way, DKIM helps you trust the authenticity of emails from known sources and guards against email spoofing and phishing attempts, providing an added layer of security to your email communications.