6.2.1 ORF Online Help
Select your ORF version:

Table of Contents

DKIM Test


This help section describes the DKIM test and the related settings available under the BlacklistsDKIM Test page in the navigation.

General Information

DomainKeys Identified Mail (DKIM) is a crypthograhic approach to email authentication that allows senders to sign outbound emails with a digital signature which then can be verified by recipients using the public key DNS record of the sending domain. Succesful verification of the signature proves that the email has not been altered in transit.

Enable this test on perimeter servers only. Mail transfer agents, including Microsoft® Exchange, may rewrite parts of the message header and/or body before forwarding the email to the next hop device which can break the DKIM signature and cause false positives.

Settings

Click the Settings button to configure the DKIM test feature of ORF. More information is available in the DKIM Settings section.

Enforced Signatures

Click the Configure button of the Enforced Signatures group. Use this test to require the email to carry a specific signature, or any signature, if it was sent by a specific party.

Example scenarios

Email address/mask Selector Domain Blacklist if...
[email protected] * * sent by [email protected], but no DKIM signature is found or none of the DKIM signatures pass
*.domain.com * * sent by [email protected], but no DKIM signature is found or none of the DKIM signatures pass
[email protected] * domain.com sent by [email protected], but no DKIM signature is found or the signature of domain.com fails verification
[email protected] mta01 signer.com sent by [email protected], but no DKIM signature is found or the signature of signer.com fails verification using the public key located at mta01._domainkey.signer.com

User-Defined Signature Blacklist

Click the Configure button of the User-Defined Signature Blacklist group. Use this test to blacklist emails that are signed by specific signers.

Notes

Where to find more information about DKIM

Visit the DKIM website at http://www.dkim.org/.

Publishing a DKIM public key record

Please visit the DKIM website to learn more about publishing a DKIM record for your domain.

Implemented DKIM version

ORF implements RFC6376 published in September 2011, and its updates (RFC8301, RFC8463, RFC8553, RFC8616).

The optional Authentication-Results header field is not appended to emails. ORF does not sign outbound messages.

Copyright © Vamsoft Kft. All rights reserved. Document ID adm-oa-dkim, version 3.