DKIM Implementation Project Plan
DKIM Email Signing for Sending Email
A simple steps and project plan
- Buy a email gateway capable to do the signing
- I use McAfee Email Gateway (MEG). It has built in support. Just enable it (instruction)
- Other may consider sendmail + OpenDKIM. I have no experience in this.
- For MEG, it can generate the private key and public key. Just generate the key pairs and export the public key. Copy the public key to notepad.
- Use online tools to generate DNS TXT record.
- Publish the DNS TXT record in DKIM testing mode (t=y)
- Test the DKIM signature
- DKIM testing by Email Architect
- Send an email to email@example.com
- Send test mail to major email service provider and client, test out if DKIM signature is found and confirmed by their email gateway
- If pass, change the DKIM DNS record from "testing mode" to "production mode"
- If not pass, try the following:
- Reduce the number of header fields for signing
- Disable email disclaimer adding at email gateway (since this may temper the email body and make the email body signing not work)
- check if any email gateway along the path have modified the email (e.g. add disclaimer, add header, etc)
- canonicalization method - change from simple to relaxed, or vice versa
- regular test mail to test if email is considered as DKIM check failure .
- Consider change key pair periodically