Messaging Security Gateway - DKIM and DMARC configuration

This discussion has a more recent version.

Issue:

How to configure DKIM and DMARC in Messaging Security Gateway?

Resolution:

To configure DKIM:

  1. Navigate to Email Protection > Email Authentication > DKIM > General
  2. For Enable, select On. A Policy Routes section appears
  3. Enable Restrict processing to selected policy routes...
  4. Confirm that the policy route default_inbound is present in the Require Any Of-list
  5. Add any other required inbound policy routes to the Require Any Of-list
  6. Click Save Changes

To enable DKIM signing:

DKIM signing is not required for authenticating incoming email, but needs to be set up if you want others to be able to authenticate emails coming from your organization.

  1. Navigate to Email Protection > Email Authentication > DKIM Signing > General
  2. For Enable, select On
  3. Set the DKIM Signing Error to Reject the message temporarily
    1. Click Edit Rule...
    2. Make sure Delivery Method is set to Retry
    3. Click Save Changes
  4. Navigate to Email Protection > Email Authentication > DKIM Signing > Keys
  5. Click Generate Key
  6. Set Domain to the domain that the key should be signing
  7. Set Selector to any alphanumeric string, at your discretion. The important thing is to NOT leave the field empty
  8. Set Scope to either Any, Domain Including Sub-Domains or Exact Domain
  9. Tick the Disable processing for selected policy routes...-checkbox
  10. Add all inbound policy routes to the Disable For Any Of-list

Once the key is generated, a DNS text record is also generated which will need to be published to your DNS servers. Click View in the DNS Text Record column to see the record for a specific key.
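A check for the DNS text record before and after it is published, added here as an example (it is not part of the original article or of the product). It assumes the record uses the standard RFC 6376 key-record syntax and is published at `<selector>._domainkey.<domain>`; the selector, domain and key bytes below are constructed.

```python
import base64
import binascii
import re

def dkim_record_name(selector, domain):
    """DNS name at which the key record must be published (RFC 6376)."""
    return f"{selector}._domainkey.{domain.rstrip('.')}".lower()

def check_dkim_txt(rdata):
    """Return a list of problems in a DKIM key record given as TXT rdata."""
    problems = []
    # TXT rdata is one or more quoted strings, each limited to 255 bytes.
    chunks = re.findall(r'"([^"]*)"', rdata) or [rdata.strip()]
    if any(len(c.encode()) > 255 for c in chunks):
        problems.append("a TXT string exceeds 255 bytes; split the record")
    tags = {}
    for part in "".join(chunks).split(";"):
        name, sep, value = part.partition("=")
        if part.strip() and not sep:
            problems.append(f"malformed tag {part.strip()!r}")
        elif sep:
            # Whitespace inside a value (e.g. a folded key) is not significant.
            tags[name.strip()] = "".join(value.split())
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append(f"unknown key type {tags['k']!r}")
    key = tags.get("p")
    if key is None:
        problems.append("missing p= tag")
    elif key == "":
        problems.append("empty p= tag: key is revoked")
    else:
        try:
            base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            problems.append("p= is not valid base64")
    return problems

# Constructed sample data: filler bytes, not a real public key.
FAKE_KEY = base64.b64encode(bytes(range(147)) * 2).decode()
SPLIT_OK = f'"v=DKIM1; k=rsa; p={FAKE_KEY[:200]}" "{FAKE_KEY[200:]}"'
ONE_LONG = f'"v=DKIM1; k=rsa; p={FAKE_KEY}"'

if __name__ == "__main__":
    print(dkim_record_name("mail2024", "Example.com."))
    for rdata in (SPLIT_OK, ONE_LONG, '"v=DKIM1; p="'):
        print(check_dkim_txt(rdata) or "ok")
```

A 2048-bit RSA key makes the record longer than 255 bytes, so it has to be published as several quoted strings in one TXT record, which receivers concatenate before parsing.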

To enable DMARC:

  1. If SPF is not enabled:
    1. Navigate to Email Protection > Email Authentication > SPF > General
    2. For Enable, select On. A Policy Routes section appears
    3. Enable Restrict processing to selected policy routes...
    4. Confirm that the policy route default_inbound is present in the Require Any Of-list
    5. Add any other required inbound policy routes to the Require Any Of-list
    6. Click Save Changes
  2. If DKIM is not enabled:
    • Refer back to the instructions above, "To configure DKIM", regarding how to set up DKIM
  3. Enable DMARC:
    1. Before you enable DMARC, ensure that you have also enabled the SPF and DKIM modules
    2. Navigate to Email Protection > Email Authentication > DMARC > General
    3. For Enable, select On. A Policy Routes section appears
    4. Enable Restrict processing to selected policy routes...
    5. Confirm that the policy route default_inbound is present in the Require Any Of-list
    6. Add any other required inbound policy routes to the Require Any Of-list
      • Important: Ensure that the same inbound policy routes that you selected for the SPF and DKIM modules are also on the Require Any Of-list
    7. Click Save Changes

Article no: 000003216
