Underground Forum
- #1
What is a DKIM signature?
The DKIM signature is used to authenticate the sender's email address.DKIM key generation
First of all, you need to generate a pair of DKIM keys, public and private.Public key example:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEb2NV4mpKZ+69sUEXP6eOLS3O
RikUUTonDJmO/nMt7h+qY0W96o9Lwz4fJzdRlh1r74pGAvsR98RUUqdkTY6S8xjV
bGDccLflyIsJjrjSuK70HDnYLrE7uk9LcEAM8amSVCW8vv6Sq35bB7Vm8h9HS8JK
8aPqY68MujjD96lEUQIDAQAB
-----END PUBLIC KEY-----
Private key example:
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCEb2NV4mpKZ+69sUEXP6eOLS3ORikUUTonDJmO/nMt7h+qY0W9
6o9Lwz4fJzdRlh1r74pGAvsR98RUUqdkTY6S8xjVbGDccLflyIsJjrjSuK70HDnY
LrE7uk9LcEAM8amSVCW8vv6Sq35bB7Vm8h9HS8JK8aPqY68MujjD96lEUQIDAQAB
AoGAMSznNsnW7AABr2A1KjvRrMJr4s88i7XJoRxVnLow7JoiGfO4vtdtFBXQaGL4
cIwMKrsMngiXT8mvlhwG2gDOcoR/8l6GR5hOTAEvWnYlEy5YE6SID8lie/eZFFBD
OaiWzB86rsyw7XyOGjXtZ3+BMcS+b2LDZqO/SUl5+qhhFgECQQD9+bOsiF1GvlYZ
hlrubudNrbA5A0AlVgrh59NCoCgTUvxm0lpH8CUQqldIVMt2o3vmguSbjOPtrsZm
DpPzv7TxAkEAhX2nY2lik0+e5pnuPqtsqQGPVFCl7bUO2ClnRO5Mky4GNHPLwQuQ
nBWZA1mbcPTak4WxHqG0Mb/MX/nLgU0FYQJBAKzghZ8Ri3yWHwFs5QSb1TKY4fVM
8yL2+J1hMfqODflpaYmL8gw5uOEpMhR4M67kBXiY7Ie9VYD6kO3zSl6GxeECQBmR
pONEx03iHVScPWchnLGOi+6hd/bdDFfZLl+kqWQzl5qqZ2e1mGBdPq7GliB/tfI1
1GRCouo4i6QCi7lbkGECQE3f19s0/Wu3dbhMbdsDRTPP3VuTCVo1qfDpR9hg8OVn
R5u3hIece9fFe8X9fnRsSJgIwW3fRg8Ezf4vzAJoHKE=
-----END RSA PRIVATE KEY-----
Generation via OpenSSL
# Open a terminal and enter the command:
openssl
# Generate a private, 1024 bit DKIM key:
genrsa -out rsa_private_key.pem 1024
# Generate a public DKIM key:
rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
Generation via OpenDKIM
# Open a terminal and enter the command:
opendkim-genkey -d domain.com -s mail
domain.com - your domain
mail - selector
Generation via DKIM Wizard
Go to
, enter your domain name, select the DKIM key size in bits (1024 and 2048), selector and click "Create Keys".
Do not use "key1" as a DKIM selector.
Install DKIM key
Depending on the MTA used, place the private key file in the required directory of your sending server, and the public key on the DNS side as a TXT record.Path to private key in EXIM:
-/etc/exim4/dkim/
In PowerMTA:
-/etc/pmta/
Example of DNS record:
dkim7._domainkey.domain.com. selector.domainkey.domainname | TXT (text record) | v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCF3LpS+qlsaaYK4VE6I8apSXNMSM/Ef1BEE1XOvNyQkabx3kG24TVs3rr1+vZXukBoZ4C4tMFTJk0Kq3xoY1s6dvkoMrb52dktaJa4/M2Pk GwijZPgaNenvdXb9JHa7By6oos2K2tZbLgbKnnsnFJK6bophO9IsJzMbs/Oaw2q1wIDAQAB Public DKIM key |