Enabling DKIM checking for incoming email
FortiMail can perform DKIM checking for the incoming mail by querying the DNS server that hosts the DNS record for the sender’s domain name to retrieve its public key to decrypt and verify the DKIM signature.
To enable DKIM checking:
Go to Profile > Session > Session and click New, or edit an existing profile.
- Under Sender Validation, enable the DKIM checking option. DKIM signing options are also available.
To configure DKIM signing:
If you want to sign the outgoing mail with DKIM signatures so that the remote receiving server can verify the signatures, you can do so after you create the protected domains. Note that the DKIM signing settings only appear when configuring an existing protected domain.
- Go to Domain & User > Domain > Domain and click New, or edit an existing profile.
- Under Advanced Setting, click DKIM Setting.
- Click New.
- Enter a name in the New selector field.
- Set DKIM key to Auto Generation. The key pair will be automatically generated and the public key exported for publication on a DNS server.
- Click OK.
- The new selector will appear. Select the newly created selector and click Download to download the domain key DKIM file.
- Publish the public key by inserting the exported DNS record into the DNS zone file of the DNS server that resolves this domain name.
- From the DKIM Setting window in FortiMail, select the newly created selector and click Activate.
- Click Close, and click OK.