Having read Jeff's blog post about Email and DKIM, I'm thinking it might be good to DKIM all mail coming out of our Exchange 2003 servers. Whats a good way of going about that?


No version of Exchange supports DKIM. Microsoft has put their support behind SPF/SenderID instead. There are a couple third-party products that can be added to Exchange to do DKIM (like this, for instance) but I personally wouldn't run that stuff on any of my Exchange servers. The more common approach is to have another server (or servers) sitting between Exchange and the internet running a more secure MTA that can do the DKIM for you.


I wrote an open source DKIM signing module for Exchange 2007, 2010, 2012, and 2016: https://github.com/Pro/dkim-exchange

We are using it now for a few months and didn't have any problems yet.


I have an open source version of a DKIM signing transport agent for Microsoft Exchange hosted on BitBucket here. It only works on Exchange 2007 at the moment, although it could easily be adapted to work on later versions. Unfortunately 2003 can't be helped because there is no ability to write your own transport agents on it.