DKIM — DomainKeys Identified Mail

Category: Before Enabling Filtering Services | Protocol: DNS / Cryptography

DKIM (DomainKeys Identified Mail) helps prove that the sending domain has not been spoofed and that the message content has not been altered during transmission. It relies on a cryptographic signature associated with a public key published in DNS.

I — DKIM Compliance Indicator

Your administration console displays the DKIM status in real time:

  • ✔ Public key in place — Messages are correctly signed
  • ⚠ Incorrect key — The key in use is not the Secuserve key
  • ✘ No key — No DKIM key configured for this domain

II — Generate and Configure the DKIM Key

  • Log in to your console: https://www.security-mail.net/
  • Go to Configuration > Domain Settings > DKIM
  • Click Generate DKIM Key
  • Copy the displayed value and add it to your DNS zone
Parameter Value
Name sec-sig-email._domainkey
TTL 3600
Type TXT
Value Copy from the administration console

III — Enable DKIM Signing

  • In the console, go back to Configuration > Domain Settings > DKIM
  • Verify that the DNS record has fully propagated (this may take several hours)
  • Check Enabled

⚠️ Enable DKIM signing only after confirming that the public key is correctly published in DNS. Enabling it too early may result in email rejection.

IV — How DKIM Works

When sending an email, the mail server signs the message using a private key. The recipient retrieves the public key from DNS and verifies the signature. If both match, the message is authentic and has not been modified.