Getting started with DKIM / DomainKeys

I'm using WinServer to generate and send emails via my Google Apps-hosted domain (my SMTP server is smtp.gmail.com). My registrar (Network Solutions) supports Text records - so I should be able to sign outgoing mail. Where do I go to generate those keys? Do I need anything running on my server - is there some other entity involved beyond inserting a text record in my registrar's DNS?

thx


Solution 1:

openssl genrsa -out dk.key 768
openssl rsa -in dk.key -out dk.pem -pubout -outform PEM

Will generate the private key (dk.key) and public key (dk.pem).

Take the public key and c&p to a txt record:

k=rsa; t=y; p=[data from dk.pem file, strip BEGIN/END blocks]

The key should be named similar to [selector]._domainkey.example.com. Note the selector as you'll have to configure your SMTP server with the same name so the receiving server knows where to look for the key (it can be anything you want, like "key1" or "asdf").

You should also configure a policy record for your domain. The record should be named _domainkey.example.com and contain "o=-" (all e-mail from the domain must be signed) or "o=~" (signature optional). You may also add "t=y" and some servers will be more forgiving, as it indicates you're testing.
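
An added example, not part of the original answer: a Python check for the key record format shown above that decodes the p= value and reports the RSA modulus size, a set t=y flag, and private-key material published by mistake. The function names, the 1024-bit default threshold and the sample records are assumptions made for illustration; the samples have the right DER layout but are constructed and are not usable keys.

```python
import base64

def _tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def audit_record(txt, min_bits=1024):
    """Return (modulus_bits, findings) for a 'k=rsa; ...; p=...' TXT value."""
    tags = {k.strip(): v.strip() for k, v in (p.split("=", 1) for p in txt.split(";") if "=" in p)}
    findings = ["t=y: testing flag is set"] if "y" in tags.get("t", "").split(":") else []
    der = base64.b64decode(tags.get("p", ""))
    if not der:
        return 0, findings + ["p= is empty or missing"]
    _, body, _ = _tlv(der)                 # outer SEQUENCE
    first_tag, _, pos = _tlv(body)
    if first_tag == 0x02:                  # INTEGER version: PKCS#1/PKCS#8 private-key layout
        return 0, findings + ["p= holds private key material (dk.key, not dk.pem)"]
    _, bitstr, _ = _tlv(body, pos)         # BIT STRING wrapping RSAPublicKey
    _, rsa, _ = _tlv(bitstr[1:])           # skip the unused-bits byte
    _, modulus, _ = _tlv(rsa)              # first INTEGER is the modulus n
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        findings.append(f"{bits}-bit RSA key is below {min_bits} bits")
    return bits, findings

# --- Constructed samples: correct DER layout and size, not usable keys ---
def _enc(tag, val):
    n = len(val)
    hdr = bytes([n]) if n < 0x80 else bytes([0x81 + (n > 0xFF)]) + n.to_bytes(1 + (n > 0xFF), "big")
    return bytes([tag]) + hdr + val
def _int(x):
    return _enc(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

def sample_record(bits, private=False, flags="t=y; "):
    n = (1 << (bits - 1)) | 1
    if private:  # PKCS#1 RSAPrivateKey begins with INTEGER version 0
        der = _enc(0x30, _int(0) + _int(n) + _int(65537))
    else:        # SubjectPublicKeyInfo, the layout `openssl rsa -pubout` writes
        alg = _enc(0x30, bytes.fromhex("06092a864886f70d0101010500"))
        der = _enc(0x30, alg + _enc(0x03, b"\0" + _enc(0x30, _int(n) + _int(65537))))
    return f"k=rsa; {flags}p=" + base64.b64encode(der).decode()

if __name__ == "__main__":
    print([audit_record(sample_record(768)), audit_record(sample_record(768, private=True))])
```

To check a real record, pass the TXT value returned for [selector]._domainkey.example.com to audit_record().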

Solution 2:

This page details the steps specific to generating the keys via the Google Apps control panel. Surprising that the handful of pages and posts within Google's support didn't detail it this well.