LevelBlue Completes Acquisition of Cybereason.  Learn More

LevelBlue Completes Acquisition of Cybereason.  Learn More

Services
Cyber Advisory
Managed Cloud Security
Data Security
Managed Detection & Response
Email Security
Managed Network Infrastructure Security
Exposure Management
Security Operations Platforms
Incident Readiness & Response
SpiderLabs Threat Intelligence
View All Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Operational Technology
End-to-end OT security
Microsoft Security
Unlock the full power of Microsoft Security
Securing the IoT Landscape
Test, monitor and secure network objects
Why LevelBlue
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
LevelBlue SpiderLabs
Global researchers, ethical hackers, and responders
LevelBlue Security Operations Platforms
Unprecedented security visibility and control
Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft Security
Unlock the full power of Microsoft Security
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
  1. Support
  2. MailMarshal Cloud
  3. Knowledge Base

HOWTO: Setting up DKIM signing for MailMarshal Cloud

 

This article applies to:

  • MailMarshal (SEG) Cloud
  • DKIM signing 

Question:

  • What are the required steps for a customer to enable DKIM signing of outgoing messages in MailMarshal Cloud?

Procedure:

To set up DKIM signing:

  1. Create a DKIM key and selector for each domain.
    • In the MailMarshal Cloud Console, see System Configuration > Domains > (edit a domain) > DKIM.
    • Click Add, and then generate a key (or import a key if you have an externally generated one.
    • Copy the DNS Name and DNS Record information.
    • Click Save.
  2. You must create DNS records using the information provided (see below).
  3. After the DNS records are created, wait for them to be publicly available (normally within a few hours). You can check availability by returning to the domain page and editing the DKIM Key. You should see DNS Record successfully retrieved. You can also check the record using Google Public DNS at 8.8.8.8.
  4. Once the record for a domain is available, select it on the domain DKIM tab, and click Toggle Active

Signing

A DKIM signature is applied to all outgoing messages where DKIM is configured for the domain and a selector/key is active. 

  • Signing is requested by the rule Global Policies - Domain Reputation Services (Outbound): DKIM Sign Email.
  • Signing is applied at the end of content processing. 

Creating the DNS record(s)

A DNS Resource Record is required for each local domain from which you are planning to send DKIM signed messages.

Copy the information created in the MailMarshal Cloud Console for each domain.

In your DNS provider interface, expand the zone for the desired local domain, and add a resource record of type TEXT. Name the record with DNS Name you copied. The name of the record should be like yourselector._domainkey.yourdomain.com

Paste the DNS record text. The text of the record may include more than one line.

  • 2048 bit keys are longer than the permitted line length for many DNS servers. Long keys generated by MailMarshal Cloud are formatted with linebreaks and can be pasted directly to most DNS servers. However, some DNS software may change the linebreak to a space or make other changes. Be sure to verify the actual DNS record using NSLookup or a web-based DKIM checker.
  • The full record will be similar to the below image.


  • Looking up the record with NSLookup returns a result as shown below:

    MailMarshal Cloud KB article Q21085

    Last Modified: November 10, 2023

     Turn On Turn Off Highlight