Sophos Email Security DKIM Setup 

DKIM (DomainKeys Identified Mail) adds a digital signature to each of your outgoing emails, allowing receiving mail servers to verify that the message is authentic and hasn’t been tampered with. Enabling DKIM helps prevent phishing, protects your domain’s reputation, and improves email delivery.

Sophos provides hosted email security services, including DKIM support, through its Sophos Email platform, which scans and delivers mail on your behalf.

This guide will show you how to set up DKIM for your domain when using Sophos as your email security provider.

Sophos DKIM Requirements

Step 1: Access Domain Settings

  1. Log in to your Sophos Email account.

  2. Go to My Products > General Settings > Domains Settings / Status.

  3. Click the domain you want to configure.

Step 2: Generate and Add the DKIM Key

  1. Click Add key.

  2. Sophos will generate a DKIM selector and public key automatically.

  3. Copy the generated DKIM details.

  4. Go to your DNS provider (e.g., Sendmarc, Cloudflare, GoDaddy) and create a new TXT record using the provided information.

Tip: If you’re using Sendmarc, paste the key into the appropriate DKIM section of your dashboard.

Step 3: Verify and Activate the Key

  1. After publishing the TXT record, return to Sophos.

  2. Click Test record to ensure your DKIM record is visible and valid.

  3. Once verification succeeds, click Activate.

  4. Click Save to finalize the setup.

DKIM is now enabled for your Sophos Gateway outbound email deployment. All future emails sent through the Sophos service will be cryptographically signed using your DKIM key.

How to update your DKIM settings using Sendmarc

To update your DKIM record through Sendmarc, please refer to the Sendmarc DKIM Setup Documentation.

Sophos’s Documentation

Sophos’s official DKIM configuration guide can be found here.

Looking for SPF Settings?

Find out how to configure your Sophos SPF settings here.