DKIM (DomainKeys Identified Mail) adds a digital signature to each of your outgoing emails, allowing receiving mail servers to verify that the message is authentic and hasn’t been tampered with. Enabling DKIM helps prevent phishing, protects your domain’s reputation, and improves email delivery.
Sophos provides hosted email security services, including DKIM support, through its Sophos Email platform, which scans and delivers mail on your behalf.
This guide will show you how to set up DKIM for your domain when using Sophos as your email security provider.
Log in to your Sophos Email account.
Go to My Products > General Settings > Domains Settings / Status.
Click the domain you want to configure.
Click Add key.
Sophos will generate a DKIM selector and public key automatically.
Copy the generated DKIM details.
Go to your DNS provider (e.g., Sendmarc, Cloudflare, GoDaddy) and create a new TXT record using the provided information.
Tip: If you’re using Sendmarc, paste the key into the appropriate DKIM section of your dashboard.
After publishing the TXT record, return to Sophos.
Click Test record to ensure your DKIM record is visible and valid.
Once verification succeeds, click Activate.
Click Save to finalize the setup.
DKIM is now enabled for your Sophos Gateway outbound email deployment. All future emails sent through the Sophos service will be cryptographically signed using your DKIM key.
To update your DKIM record through Sendmarc, please refer to the Sendmarc DKIM Setup Documentation.
Sophos’s official DKIM configuration guide can be found here.
Find out how to configure your Sophos SPF settings here.