Trend Micro InterScan Messaging Security DKIM Setup

DKIM (DomainKeys Identified Mail) adds a digital signature to your outbound emails, allowing receiving servers to confirm that the messages haven’t been altered and were sent from your domain. Enabling DKIM enhances trust, supports deliverability, and helps defend against phishing.

Trend Micro Email Security and InterScan Gateway support DKIM signing and verification, giving you control over your email authentication policies as part of a layered security strategy.

This guide will show you how to configure DKIM for your domain when using Trend Micro as your email security gateway.

Trend Micro InterScan Messaging Security DKIM Requirements

Step 1: Access the DKIM Configuration

  1. Log in to the Trend Micro IMSVA admin console.

  2. Navigate to:
    Administration → IMSVA Configuration → DKIM Signature

Step 2: Enable DKIM Signing

  1. Check the box for “Enable DKIM signature.”

  2. Select one or more headers to sign.

    • The From header is selected by default.

    • To add more headers, click Customize and choose the headers you want to include.

  3. Click Add to begin DKIM configuration.

Step 3: Configure General DKIM Settings

In the Add DKIM Signature screen, fill in the required fields:

  • Domain: Enter the domain to be signed, e.g. *.example.com

  • SDID (Signing Domain Identifier): e.g. example.com

  • Selector: Provide a selector (e.g. dkim1) or use the default

  • Private Key:

    • Upload your own private key or

    • Have IMSVA generate one for you

    • If generating, select a key length (typically 2048 bits is recommended)

Step 4: (Optional) Configure Advanced DKIM Options

You may optionally configure the following:

  • Header Canonicalization: Choose between Simple or Relaxed

  • Body Canonicalization: Choose between Simple or Relaxed

  • Enable Signature Expiration: Set a validity period in days, if required

  • Enable Body Length: Limit the number of bytes allowed in the email body

  • AUID: (Agent/User Identifier) — specify an identifier acting on behalf of the SDID

  • Exempt Domains: Add any domains you want to exclude from DKIM signing

Step 5: Save Your Settings

  1. Click Save to apply the DKIM configuration.

  2. Your domain is now configured to sign outbound email using DKIM.

How to update your DKIM settings using Sendmarc

To update your DKIM record through Sendmarc, please refer to the Sendmarc DKIM Setup Documentation.

Trend Micro Interscan’s Documentation

Trend Micro Interscan’s official DKIM configuration guide can be found here.

Looking for SPF Settings?

Find out how to configure your Trend Micro Interscan SPF settings here.