DKIM

DKIM is a mechanism with which outgoing emails are signed by the mail server. Recipients can check whether an email was actually sent from the correct server or not.

DKIM uses RSA, which uses a private key to sign emails and a public key to verify these signatures.

The public key is stored in the DNS zone of the sending domain. This allows the receiving email server to check the validity of the signature.

This signature is part of the email header, the base code of the message. Despite the importance of DKIM for email security, DKIM has not yet achieved the widespread use of SPF.

Setting up DKIM at Nine

Prerequisite is that you are using Nine's email service.

• Open Mailadmin (mailadmin.nine.ch)
• Click on the pencil icon to the right of the domain for which you want to set up DKIM

• In the next dialogue, click on the "DKIM einrichten" button

The data you need to set up the DNS entry for DKIM is then displayed.

The data appears in the form:

selector._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
"p=key-teil1"
"key-teil2" )  ; ----- Kommentar

Now create the following TXT record in the DNS zone responsible for the relevant domain: Subdomain: selector._domainkey

Wert: “v=DKIM1; k=rsa; p=key-teil1key-teil2”

The 3 lines are written next to each other, whereby the inverted commas are only placed around the entire statement outside.

As with all DNS customisations, it may take some time before they become active.

Test DKIM

You can check the email header of a sent email to see whether the DKIM key is also sent.

The following tools are also available for testing:

• LearnDMARC.com
• DKIM Record Lookup
• DKIM Record Checker

Please note that we are not associated with the providers of these tools.