Skip to main content

DKIM Configuration

NOTE: This feature is only available with Hermes SEG Pro License.

NOTE: This section requires any saved changes to be applied by clicking the Apply Settings button on the bottom of the page.

DomainKeys Identified Mail (DKIM) is a protocol that allows verifiable email transmission though the use of cryptographic authentication. This is accomplished through the use of private and public keys. The private key is stored on the sending email server so that hash strings can be generated out of email message using that private key and a public key which is stored in DNS so that recipients can verify those hashes using that public key.

DKIM Enabled

Setting this setting to Yes will enable DKIM verification of all incoming email and if DKIM Sign is enabled for any domains, it will also enable the generation of DKIM keys for all outgoing email for those domains. If DKIM Sign is not enabled for any domains it will ONLY enable DKIM verification of all incoming email.

Body Canonicalization

The canonicalization method for the message body used when DKIM signing messages. The recommended setting is Relaxed

Headers Canonicalization

The canonicalization method for the message headers used when DKIM signing messages. The recommended setting is Relaxed

Default Message Action

This is the default action to take when an incoming message DKIM signature fails to validate. The recommended setting is Accept. This action is processed before all the other actions below so it's best to be set to Accept and then set any overrides below.

Bad Signature Action

This is the default action to take when an incoming message DKIM signature fails to validate. The recommended setting is Accept.

DNS Error Action

This is the default action to take when a DNS error occurs during the DKIM validation of an incoming message . The recommended setting is Temp Fail.

Internal Error Action

This is the default action to take when a system internal occurs during the DKIM validation of an incoming message . The recommended setting is Quarantine.

No Signature Action

This is the default action to take when an incoming message has no DKIM signature . The recommended setting is Accept.

Security Concern Action

This is the default action to take when an incoming message contians properties that maybe of a security concern . The recommended setting is Quarantine.

Signature Algorithm

This settings sets the DKIM signature algorithm used when signing outgoing DKIM messages . The recommended setting is RSA-SHA-256.