Skip to content

Add a DKIM signature (MTA mode)

You can add DKIM signatures to the headers of outbound emails by specifying the domain, a selector, and a private RSA key. A domain can have more than one signature.

To add a DKIM signature, do as follows:

  1. Go to Email > General settings. Scroll down to DKIM signing and click Add.
  2. For Domain, enter the FQDN of the domain.
  3. Enter the key selector.

    Tip

    You can use the location or name of a specific mail server to identify outbound mails from the server, for example, London or mailserver1.

  4. Enter the private RSA key.

    You can generate the key using a key generator, such as PuttyGen or Windows OpenSSL. A private key can have 1024 to 2048 bits. Don't use RSA SHA-1.

    Warning

    If you use PuttyGen to generate a private key with 1024 bits, the firewall doesn't add it. You must generate the private key with 2048 bits if you're using PuttyGen.

    Make sure you add the key between the following lines: -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.

    Shows an example of the RSA key.

  5. Click Save.

Update the TXT record for the DKIM signature on the DNS server. Once the DNS changes are applied, the DKIM signature will take effect.

More resources