Step 1: Access the DKIM Settings
In the SpamTitan Gateway interface, go to: System Setup > Mail Relay > DKIM Signing
You will see a table listing your configured domain relays.
Click the edit icon next to the domain you want to configure. This opens the ‘DKIM: your_domain’ window.
Step 2: Configure the Domain Key
Go to the DOMAIN KEY tab.
In the Selector field, enter a name (e.g., default, titan). This value uniquely identifies the DKIM key for your domain.
Note: You should periodically rotate your DKIM keys—monthly or quarterly is recommended—for better security.
Optional fields:
Private Key: You may supply your own private key or let SpamTitan generate one.
Key Length: Choose between 1024-bit or 2048-bit. Longer keys are more secure, though some DNS providers may not support 2048-bit.
Test Mode: Enable this to create a temporary testing key (t=y), which signals other servers not to penalize failures during the test period. It is recommended to enable this setting.
Click Generate to create your domain key.
The new key will now appear in the domain key table.
Step 3: Add the DNS TXT Record
Go to the OPTIONS tab.
Copy the generated TXT record value. Remove all spaces, carriage returns, and quotation marks from the copied string.
In your DNS provider (or Sendmarc, if that’s where your keys are managed), create a TXT record using the following format:
Host Type Value selectorname (this is the selector you specified in Step 2) TXT Paste the cleaned DKIM key value)
Also create the Policy Record for your domain:
Step 4: Verify and Enable DKIM
Return to SpamTitan and click Verify in the OPTIONS tab.
If the TXT record is found and matches SpamTitan’s expectations, verification will succeed.
Once verified, click Enable to activate DKIM signing for this domain.
DKIM is now enabled in your SpamTitan Gateway deployment, and all future outbound email will be signed with the configured DKIM key.