The goal is to allow signing domains to assert responsibility for the email messages they send and thus allow message recipients to know that the message came from a trusted source. DKIM does exactly that by using a cryptographic signature to encrypt email messages. It is a must-have addition to your email security suite for obvious reasons.

In this article, we will take you through the steps to configure DKIM keys for Zimbra.

Creating DKIM record for Zimbra Server 

Enabling DKIM signing for Zimbra is a two-step process. 

Step 1: Running zmdkimkeyutil. This helps you generate DKIM keys for your Zimbra server which is stored in the LDAP server. 

Step 2: Entering the DKIM DNS records into your domain’s DNS to configure the protocol. 

• To start off you need to run the zmdkimkeyutil script on an MTA server 

• On running the script, your DKIM record data will be generated and you can find it displayed on your screen. You need to copy this record to your keyboard. 

Note: The screenshot attached above is just an example. Kindly replace domain.com with your own domain name, and replace the DKIM selector and public key with the one generated for you. 

• Log in to your DNS as an administrator

• Paste the public DKIM key for Zimbra in the DNS records section

• Save changes to the update and allow your DNS 48-72 hours to process these changes. And you’re done! 

After publishing your DKIM records, it is standard practice to check if they are valid. You can do so easily, using a free DKIM record lookup tool by simply entering your domain name and hitting the Lookup button. 

DKIM alone cannot protect your domain against phishing attacks and impersonation. You need to enable DMARC for your domain to avail of these benefits. Start your DMARC trial today for free!