how to create DKIM private key and public key - ORF Forums

@Monkeenmao: Hello Monkeenmao,

As of v6.6.1, ORF can verify the DKIM signature(s) in incoming emails, but it cannot sign outbound messages. This feature will be added in a future update.

As for the DKIM and DMARC TXT records, they should be published in the zone file of the DNS server authoritative for your domain, under the following locations:

DMARC: _dmarc.your-domain.com
DKIM: your-dkim-selector._domainkey.your-domain.com

I hope this helps.

@Monkeenmao: You can generate and export the private key for DKIM using the key generator on the "ARC Signing" page (ORF Administration Tool > ARC Signing > Key button ), because ARC uses the same keys as DKIM. You can also use the generated DNS TXT record too.

@Monkeenmao: When the DMARC test is enabled *and* the domain in the "Author" email address has a published DMARC record, ORF performs only the DMARC Test (which includes the SPF and DKIM tests, but when these are run as part of the DMARC Test, their results don't trigger any filtering action - instead they are used as "helpers" to produce the DMARC Test result).

If the author's domain has no DMARC record, ORF performs the SPF and DKIM tests (if the corresponding DNS records exist) and evaluates their results separately. The order is always DMARC Test > SPF Test > DKIM Test.

I hope this clarifies your question.

@Monkeenmao: We are planning to add a DKIM signing module to ORF in a future release, but there is no ETA yet, I am afraid. The next release (v6.7) is not going to include this feature.