DKIM is an email authentication method designed to detect email spoofing. This protocol lets an organization (sending domain) take responsibility for a message that is in transit using a DKIM signature and also provides the receiver a means to validate a domain name identity that is associated with a message.  Both are achieved through cryptographic authentication and encryption.

If you already have DKIM signatures implemented, they will remain as is in the message header as the email passes through our relays.

EveryCloud offers DKIM Signing and DKIM Checking Services

By default, DKIM is not enabled, but it can be enabled by our support team at no additional cost.


Enabling DKIM Signing for outbound mail


To setup DKIM Signing, you must use a CNAME record to refer to the public key in EveryCloud's DNS:


Set the following CNAME record in the corresponding DNS zone of your domain and any alias domain(s) that relay outbound via EveryCloud:


hse._domainkey.DOMAIN.TLD CNAME hse._domainkey.everycloudtech.com

(Enter your actual domain for DOMAIN.TLD)


Note:  If you only want to use DKIM to check incoming emails (validate only), you do not need

to set the CNAME record.


Then, send an email with the subject Enable DKIM to support@everycloudtech.com and include the following details:


•  For which domains you want to activate DKIM

•  Whether you want to use DKIM for signing and validation, only for validation or only for signing

emails

•  Verify that you have set the CNAME record(s)


Once activated, your outbound email will have a DKIM signature appended in the header as it passes through our relays. The ‘h’ tag will contain the following list of headers. These elements must remain unchanged while the email is in transit otherwise the DKIM signature will fail authentication.


from:

sender:

to:

Subject:

mime-version:content-type


Enabling DKIM Checking for inbound mail


To activate DKIM Checking for inbound mail, send an email with the subject Enable DKIM to support@everycloudtech.com and include the following details:

•  For which domains you want to activate DKIM

•  Whether you want to use DKIM for signing and checking or only for checking


Logging of inbound email filtered by DKIM


Messages for which the DKIM signature does not match the corresponding entry in DNS will be quarantined. In the spam report and in the control panel, the affected emails are marked as spam and can be delivered as required.

In the Control Panel Workspace logs, under the Reason column, you will see ase-dkim if DKIM applies to a specific email.