DKIM (DomainKeys Identified Mail) is an email authentication protocol that uses cryptographic signatures to verify that messages haven’t been modified during delivery and genuinely originate from your domain.
This guide explains how to configure DKIM for Trustwave MailMarshal, an advanced email security gateway that helps protect your organization from threats while ensuring message integrity and authentication.
Trustwave MailMarshal DKIM Requirements
To create a key and a selector:
In the SEG Configurator, open the properties for the local domain and select the DKIM tab.
Click New to open the DKIM Key window.
Enter a unique selector, such as a date string.
Click Generate to create the key and record text. SEG generates 2048-bit keys by default.
Copy the information required to create the DNS record (to capture all text, right-click > select all).
Once the DNS record has been created and verified to be available in public DNS (or in Sendmarc, if you’re managing your keys there), you can enable the key from the DKIM tab.
2. Creating the DNS record(s)
A DNS Resource Record is required for each local domain from which you are planning to send DKIM signed messages.
Copy the information from the DNS Record field of the DKIM Key window in the Configurator.
For example, in Windows DNS Manager, expand the zone for the desired local domain, add a resource record of type TEXT, and paste the information from SEG. The text of the record may include more than one line.
2048-bit keys are longer than the permitted line length for many DNS servers. Long keys copied from SEG are formatted with a line break and can be pasted directly into Microsoft DNS and many other DNS servers. However, some DNS software may change the line break to a space or make other changes. Be sure to verify the actual DNS record using NSLookup or a web-based DKIM checker.
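The verification described above, as an added example that is not part of the original guide or Trustwave's tooling: a Python check that joins the quoted strings of a TXT answer as nslookup prints them and compares the published p= value with the text copied from SEG. The key bytes and record text are constructed placeholders, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Constructed placeholder: 294 bytes, the length of a DER-encoded 2048-bit RSA
# public key with exponent 65537. Not a real key and not SEG output.
SAMPLE_P = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
GENERATED = "v=DKIM1; k=rsa; p=" + SAMPLE_P  # stands in for the SEG record text

def join_txt(raw):
    """Concatenate the quoted strings of a TXT answer as nslookup prints them."""
    chunks = re.findall(r'"([^"]*)"', raw)
    return "".join(chunks) if chunks else raw.strip()

def parse_tags(record):
    """Split a DKIM key record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def check_published(generated, published_raw):
    """Return a list of differences between the generated and published record."""
    want = parse_tags(join_txt(generated))
    got = parse_tags(join_txt(published_raw))
    problems = []
    if got.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    got_p = got.get("p", "")
    if re.search(r"\s", got_p):
        problems.append("whitespace inside p= (line break altered?)")
    got_p = re.sub(r"\s+", "", got_p)
    if got_p != re.sub(r"\s+", "", want.get("p", "")):
        problems.append("p= differs from the generated key")
    try:
        base64.b64decode(got_p, validate=True)
    except binascii.Error:
        problems.append("p= is not valid base64")
    return problems

if __name__ == "__main__":
    rec = GENERATED
    clean = '\t"' + rec[:255] + '"\n\t"' + rec[255:] + '"'    # split into two strings
    altered = '\t"' + rec[:255] + ' "\n\t"' + rec[255:] + '"'  # space added at the split
    print(check_published(GENERATED, clean))
    print(check_published(GENERATED, altered))
```

An empty list means the published key matches the generated one; a truncated or re-wrapped record shows up as a p= mismatch or a base64 error.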
Looking up the record with NSLookup returns a result as shown below:
Notes:
While you can use the same key for all domains, it is highly recommended that you create separate keys.
Add a DNS record and local domain information for each local domain where you want to use DKIM to sign outgoing messages.
Ensure that DNS and local domain configuration is in place before creating any signing rules for a domain.