5.38.1 Setting up a DKIM record

Follow these steps to set up your own DKIM record:

  1. Generate a key pair:

    Use the openssl genrsa command. Run:

    openssl genrsa -out private.pem 2048
    

    The last argument is the size of the private key to generate in bits.

  2. Extract the public key:
    openssl rsa -in private.pem -pubout -outform PEM -out public.pem
    
  3. Set up a DKIM record in your domain:

    A DKIM record is a TXT type DNS record that holds the public key part for verifying messages. Its format is defined in RFC 4871 (28). The label for this record is composed as follows:

      s._domainkey.d
    

    where d is your domain name, and s is the selector you chose to use. You will use these two values as parameters to the dkim_sign function in your eom handler. E.g. if your domain is ‘example.com’ and the selector is ‘s2048’, then the DKIM TXT record label is ‘s2048._domainkey.example.com’.

    The public key file generated in step 2 will have the following contents:

    -----BEGIN PUBLIC KEY-----
    base64
    -----END PUBLIC KEY-----
    

    where base64 is the key itself in base64 encoding. The minimal DKIM TXT record will be:

    "v=DKIM1; p=base64"
    

    The only mandatory tag is in fact ‘p=’. The use of ‘v=’ is recommended. More tags can be added as needed. In particular, while testing the DKIM support, it is advisable to add the ‘t=y’ tag.
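
The steps above leave the key in PEM form, while the zone needs it as quoted TXT strings of at most 255 octets each, a limit that a 2048-bit key exceeds. The shell functions below are an added example, not part of the manual: the names dkim_label and dkim_txt are hypothetical, the PEM body is a constructed placeholder, and the selector and domain are the ones used in the text.

```shell
#!/bin/sh
# Added example, not from the manual: build the DKIM TXT record from public.pem.

# dkim_label SELECTOR DOMAIN: print the record label, s._domainkey.d
dkim_label() {
    printf '%s._domainkey.%s\n' "$1" "$2"
}

# dkim_txt PEMFILE [EXTRA_TAG]: print the TXT value as quoted strings.
# One TXT string holds at most 255 octets and a 2048-bit key is longer, so the
# value is cut into several strings; verifiers join them with nothing between.
dkim_txt() {
    # Drop the BEGIN/END armor lines and all whitespace, leaving bare base64.
    dkim_key=$(grep -v -e '^-----' "$1" | tr -d ' \t\r\n')
    case $dkim_key in
        '' | *[!A-Za-z0-9+/=]*)
            echo "dkim_txt: no base64 key data in $1" >&2
            return 1 ;;
    esac
    # v= has to be the first tag; an extra tag such as t=y goes before p=.
    printf 'v=DKIM1; %sp=%s\n' "${2:+$2; }" "$dkim_key" |
        fold -b -w 255 | sed 's/.*/"&"/' | paste -sd ' ' -
}

# Constructed sample input: placeholder base64 of the length a 2048-bit key
# produces (392 characters). It is not a real key.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
{
    echo '-----BEGIN PUBLIC KEY-----'
    for n in 1 2 3 4 5 6; do
        echo 'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5QUJDREVGR0hJSktM'
    done
    echo 'TU5PUFFS'
    echo '-----END PUBLIC KEY-----'
} > "$sample"

# Selector and domain are the ones used in the text. The trailing dot keeps the
# zone file from appending the origin to the name a second time.
printf '%s. IN TXT ( %s )\n' \
    "$(dkim_label s2048 example.com)" "$(dkim_txt "$sample" t=y)"
```

Point the function at the public.pem produced in step 2 and drop the t=y argument once testing is finished.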


Footnotes

(28)

https://tools.ietf.org/html/rfc4871