DKIM Settings
DomainKeys Identified Mail (DKIM) is a protocol that allows verifiable email transmission though the use of cryptographic authentication. This is accomplished through the use of private and public keys. The private key is stored on the sending email server so that hash strings can be generated out of email message using that private key and a public key which is stored in DNS so that recipients can verify those hashes using that public key.
DKIM Enabled
Setting this setting to YES will enable DKIM verification of all incoming email and if DKIM Sign is enabled for any domains, it will also enable the generation of DKIM keys for all outgoing email for those domains. If DKIM Sign is not enabled for any domains it will ONLY enable DKIM verification of all incoming email.
Disabling DKIM will also automatically disable DKIM if enabled.
Body Canonicalization
The canonicalization method for the message body used when DKIM signing messages. The recommended setting is Relaxed.
Headers Canonicalization
The canonicalization method for the message headers used when DKIM signing messages. The recommended setting is Relaxed.
Default Message Action
This is the default action to take when an incoming message DKIM signature fails to validate. The recommended setting is Accept. This action is processed before all the other actions below so it's best to be set to Accept and then set any overrides below.
Bad Signature Action
This is the default action to take when an incoming message DKIM signature fails to validate. The recommended setting is Accept.
DNS Error Action
This is the default action to take when a DNS error occurs during the DKIM validation of an incoming message . The recommended setting is Temp Fail.
Internal Error Action
This is the default action to take when a system internal occurs during the DKIM validation of an incoming message . The recommended setting is Quarantine.
No Signature Action
This is the default action to take when an incoming message has no DKIM signature . The recommended setting is Accept.
Security Concern Action
This is the default action to take when an incoming message contains properties that maybe of a security concern . The recommended setting is Quarantine.
Signature Algorithm
This settings sets the DKIM signature algorithm used when signing outgoing DKIM messages . The recommended setting is RSA-SHA-256. (Figure 1).
Figure 1