Submit a ticket My Tickets
Login  Sign up

How to Setup DKIM for Forcepoint-Websense?

If you want to enable DKIM for Forcepoint-Websense, you can follow the steps shown below on your Forcepoint account after having created the required TXT record in your domain’s DNS. Want to learn more about what DKIM is? Read our guide on DKIM authentication. 

Forcepoint recommends that you configure DKIM for your emails since:

  •  DKIM is an email authentication protocol that ensures that your emails are digitally signed with a key when it leaves your sender’s server. This is the private key, that is handled by your mail transfer agent. This key is matched against a public key that is saved and published in your DNS, by the receiver of your email to verify your authenticity.
  • It improves the deliverability of your emails, prevents your emails from being altered or accessed by cybercriminals, and reduces spam. 

Forcepoint’s DKIM configuration has four major steps:

Steps to Setup DKIM for Forcepoint-Websense

  1. Creating a DKIM private key
  2. Creating a DKIM signing rule
  3. Creating a public DKIM Key
  4. Enabling DKIM verification in Forcepoint
  1. Creating Private DKIM key in Forcepoint 

  • Login to your Forcepoint control panel as an admin and go to Settings > Inbound/Outbound > DKIM Settings page
  • Navigate to the DKIM Signing Keys section and click on Add
  • The Add Signing Key page will open
  • In the Key Name field, enter a name for your key
  • Select one of the following options for creating your key:

-You can click on the Generate key (default) option to create a new private key (only a 1024-bit private key is supported by Forcepoint)


-You can copy and paste a Private key in the entry box if you already have it created using online wizards like a free DKIM record generator.

  •  Click on OK

You can import a DKIM signing key by navigating to the Settings > Inbound/Outbound > DKIM Settings page. Click on Import to open a browser window. Navigate to the desired key file and click Open.

You can export a key by selecting the checkbox against the key you want to export in the signing keys table, and clicking on Export to open a browser window. Navigate to the desired directory location and click Save.

  1. Creating a DKIM signing rule

A DKIM signing rule is used to associate a DKIM key pair (private and public key) with domains and email addresses. As the name suggests, a DKIM signing rule helps you regulate DKIM signatures, with options to choose specific message headers to sign, how much of the message body you want to sign as well as affix additional signature tags if desired. 

Note: You can easily delete a DKIM signing rule on Forcepoint. Simply select the checkbox against the rule you want to delete and click on Delete.

To set up a DKIM signing rule for your domain on Forcepoint, go to Settings > Inbound/Outbound > DKIM Settings page

  1. On the DKIM Settings page, click on Add in the DKIM Signing Rules section to open the Add Signing Rule page.
  2. In the Rule name entry field, enter a name for your rule.
  3. Enter the name of the domain to which this signing rule applies.
  4. You can also include the identity of the user for whom the messages are signed by selecting “Include user identifier” and entering the name of the agent and marking the checkbox against it. Note that this is an optional feature.
  5. In the Selector entry field, enter your domain name selector.
  6. Now you can select a signing key that you prefer to associate with your selected DKIM signing rule from the Signing key drop-down list.
  7. Furthermore, you can click on Advanced Options to select and add additional signing rules and signature tags. This however is an optional feature. To view advanced settings for DKIM on Forcepoint and learn about the options in detail, please go through their DKIM setup guide

    Finally, to add the DKIM signing rule, you can either select Sign email messages to sign the emails from the addresses in the list. However, emails sent from other addresses will not be signed. 

    Alternatively, you can select the option Do not sign email messages and create a list of email addresses to which this option applies. In this case, emails sent from the addresses in the list are not signed, while emails sent from other addresses outside of the list are.

    Email addresses can be subsequently removed from the DKIM signing list, but clicking on the Remove button.

    10. Click on OK to save changes to your DKIM signing rule. Note that the process of importing or exporting a DKIM signing rule is the same as the method used to import/export your private key on Forcepoint.
  1. Creating a DKIM public key 

To create your DKIM public key for a rule, head over to the DKIM Signing Rules table by clicking the link for the desired rule in the DNS Text Record column. A dialogue box will appear for generating your DNS TXT record box containing your public key information. Click on View to view your respective public keys for every private key generated. 

Note that the public keys for specific domains have to be published in the public-facing DNS for that domain to be queried during verification. A single domain cannot have multiple DKIM records in the DNS for the same domain.

NoteTo ensure that your setup signing rule is valid, you can test your rule on Forcepoint by clicking on Test against your desired rule on the DKIM Signing Rules table. 

  1. Activating DKIM authentication on Forcepoint

To activate DKIM signing and authentication on Forcepoint, go to Settings > Inbound/Outbound > DKIM Settings. Navigate to the “DomainKeys Identified Mail (DKIM) Verification” section and select any one of more of the following options for verification provided by Forcepoint:

  • Enable DomainKeys Identified Mail (DKIM) verification for inbound messages (only emails being sent to you by senders outside of your associated domains would be eligible for DKIM verification)
  • Enable DomainKeys Identified Mail (DKIM) verification for outbound messages (only emails sent from your associated domains to your recipients would be eligible for DKIM verification)
  • Enable DomainKeys Identified Mail (DKIM) verification for internal messages (emails exchanged between your organization’s internal domains)

Lookup and Validate your DKIM record using our free DKIM record lookup tool.


Sign up for your free DMARC analyzer trial!

PowerDMARC is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.