content/howTo/dkim.html - james-site - Git at Google

 <!--
     Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements. See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership. The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License. You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied. See the License for the
     specific language governing permissions and limitations
     under the License.
 -->
 <!DOCTYPE html>
 <html>
     <head>
         <meta charset="utf-8"/>
         <title>Apache James</title>

         <link rel="stylesheet" type="text/css" href="/assets/css/main.css">
         <link rel="stylesheet" type="text/css" href="/assets/css/font-awesome.min.css">
         <link rel="stylesheet" type="text/css" href="/assets/css/ie8.css">
         <link rel="stylesheet" type="text/css" href="/assets/css/ie9.css">
         <link rel="shortcut icon" href="/images/james-logo.png">
     </head>
 <body>
     <!--
     Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements. See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership. The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License. You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied. See the License for the
     specific language governing permissions and limitations
     under the License.
 -->

 <div id="wrapper">
     <div class="apache_ref">
         <a href="https://www.apache.org" alt="apache foundation link"><img src="https://www.apache.org/foundation/press/kit/asf_logo.svg" title="apache foundation logo"/></a>
     </div>
     <div class="apache_ref_mobile">
         <a href="https://www.apache.org" alt="apache foundation link">The Apache Software Foundation</a>
     </div>
     <div class="apache_ref_left">
         <a href="https://www.apache.org/events/current-event.html" alt="apache foundation event"><img src="https://www.apache.org/events/current-event-234x60.png" title="apache foundation event logo"/></a>
     </div>
     <div class="apache_ref_left_mobile">
         <a href="https://www.apache.org/events/current-event.html" alt="apache foundation event"><img src="https://www.apache.org/events/current-event-234x60.png" title="apache foundation event logo"/></a>
     </div>

     <!--
     Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements. See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership. The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License. You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied. See the License for the
     specific language governing permissions and limitations
     under the License.
 -->

 <header id="header" class="alt">
     <div class="logo"><a href="/index.html" alt="Apache James"><img src="/images/james.svg" alt="james logo"/></a></div>
     <h1 class="hidden">James Enterprise Mail Server</h1>
     <h2>Emails at the heart of your business logic</h2>
 </header>

     <!--
     Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements. See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership. The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License. You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied. See the License for the
     specific language governing permissions and limitations
     under the License.
 -->

 <!-- Main -->
 <div id="main">

     <!-- Introduction -->
     <section id="intro" class="main special">
       <div class="">
         <div class="content align-left">
             <header class="major">
                 <h1><b>What is a DKIM Record?</b></h1>
             </header>

             <p>
               DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.
             </p>

             <p>
               It uses public-key cryptography to sign email with a private key as it leaves a sending server.
               Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit.
             </p>

             <p>
               Once the signature is verified with the public key by the recipient server, the message passes the DKIM check and is considered authentic.
             </p>

             <p>
               The process of setting up DKIM can be split into the following steps:
             </p>

             <ul>
                 <li>Choose a DKIM selector.</li>
                 <li>Generate a public-private key pair.</li>
                 <li>Publish the selector and public key by creating a DKIM TXT record.</li>
                 <li>Attach the token to each outgoing email.</li>
             </ul>

             <p>
               Before we begin, you might wonder what is a DKIM selector?
             </p>
             <p>
               In short, a selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field.
               A selector can be anything you want, such as a word, number, or a string of letters and numbers.
           </p>
           <p>
             For example, if you choose <code>james3</code> for your selector, the DKIM record name would become <code>james3._domainkey</code>
           </p>


             <header class="major">
                 <h1><b>Generate RSA Key Pair for DKIM</b></h1>
             </header>

             <p>
               You can use tools such as <code>openssl</code> or <code>ssh-keygen</code> to generate RSA keys.
             </p>
             <p>
              Please note that 1024 bit DKIM is still the standard. If you want to feel safer with 2048-bit RSA, check with your DNS provider and see what length of DKIM key is supported because they need to match.
             </p>
             <p>Generate a 1024 bit RSA Key:</p>
             <code>$ openssl genrsa -out private.pem 1024</code>

             <p>Export the RSA Public Key to a file:</p>
             <code>$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem</code>
             <p>Both generated files are base64-encoded encryption keys in plain text format:</p>

             <pre><code>-----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQCxMwUfjQbppE2EK4T2IDuiLRvZ4opSwJwxani/5Ii5VbqMQRfo
 edUMuczK5qKJuIupTnh9AhJfaAsGUSruCVlGYXq6bqfak3XGHGu4s0rAXRM6Y3us
 gy8RyxfWQqtYbEZPIwkLGPbPeIh2t8s3mL9fD9+tpO5H1Kc+9MBTMm7qnQIDAQAB
 AoGATyl52nSIaAyMzMUca1BPE86PKLG6FeoSXUkxlJimNBYGdu4Fnkf/U+YVhXev
 mVMmoYZ68W3hg1nZwwKz6Q+oH7iBk+AJRQlDQmdNuqBS5epKQpIk77w6J+Nd2HCa
 wLXnt5wtDcusIV+HvznKi/yEt+oq29BbyY2CjAUYtR57wEECQQDhs71D4M8su6hv
 bBbif1V/4m62ChkSZRnD7T2rCxzqLoe3Qe6W9hwysDjYMAtq3pA7mjMYyTqrx8sJ
 RWcVSaf5AkEAyPx63vEKS38QPYyiesuJqqrnTeVlnPInedEmJmI6Rz5cWISosvNz
 /QjHzTqOT1fXfskbhutg1/mDarsHnH/oxQJBAJjH/cdUB4nlYehCx978iRjvYzgQ
 79XW4DETiBofhKw1YSM5G1PPN1lMlr4pD6GBFStzf0E4/mFH9nXJKDVtzakCQQCG
 OQ75ijHc31uCL0RnCzzB7GaSf+tPV+yDDukSYzEWWRAk0Vs0Px+r0UxVw5A8bqZs
 dnPas6C2O1zHT2Yy3r0dAkBECZDJaFhADFPSex8UrUrIidJaz8NLdyDiuwXKjc/c
 AmlLQXKntU4M5EIE6jz0Gf1ivw06pvTDOCDWlDxJRvf8
 -----END RSA PRIVATE KEY-----</code></pre>
             <pre><code>
 -----BEGIN PUBLIC KEY-----
 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxMwUfjQbppE2EK4T2IDuiLRvZ
 4opSwJwxani/5Ii5VbqMQRfoedUMuczK5qKJuIupTnh9AhJfaAsGUSruCVlGYXq6
 bqfak3XGHGu4s0rAXRM6Y3usgy8RyxfWQqtYbEZPIwkLGPbPeIh2t8s3mL9fD9+t
 pO5H1Kc+9MBTMm7qnQIDAQAB
 -----END PUBLIC KEY-----
            </code></pre>

            <p>Beside above steps, online tools such as <a href="https://www.sparkpost.com/resources/tools/dkim-wizard/">DKIM Wizard</a> can help you easily create a public and private key pair to be used for DomainKeys and DKIM signing. </p>


            <header class="major">
             <h1><b>Create DKIM TXT record</b></h1>
           </header>
             <p>Log in your Domain Control Panel and create a TXT Record:</p>

         <pre><code>Record Type: TXT Record
 Host Name: james3._domainkey
 Text: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...]
 </code></pre>

 <h1><b>Configure DKIMSign mailet</b></h1>

 <p>Lastly, you need to add a maillet to the <code>mailetcontainer.xml</code> in the /conf file of Apache James.</p>


 <pre><code>[...]
 &lt;processors>
   &lt;processor state="relay" enableJmx="true">
     &lt;mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign"&gt;
       &lt;signatureTemplate>v=1; s=james3; d=domain.example.com ; h=from : reply-to : subject : date : to : cc : resent-date : resent-from : resent-sender : resent-to : resent-cc : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; a=rsa-sha256; bh=; b=;&lt;/signatureTemplate&gt;
       &lt;privateKey>
       -----BEGIN RSA PRIVATE KEY-----
       [Your Private Key]
       -----END RSA PRIVATE KEY-----
       &lt;/privateKey&gt;
     &lt;/mailet&gt;
   &lt;/processor&gt;
 &lt;/processors&gt;
 [...]</code></pre>

 <h1><b>Verifying DKIM Record</b></h1>
 <p>To query the DKIM key, you will have to know the DKIM selector:</p>

 <pre><code>$ dig txt james3._domainkey.domain.example.com
 ; <<>> DiG 9.16.1-Ubuntu <<>> txt james3._domainkey.domain.example.com
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39673
 ;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 ;; WARNING: recursion requested but not available

 ;; QUESTION SECTION:
 ;james3._domainkey.domain.example.com IN TXT

 ;; ANSWER SECTION:
 james3._domainkey.domain.example.com. 0 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...]"
 [...]</code></pre>
 </div>


 </div>
 <footer class="major">
 <ul class="actions align-center">
     <li><a href="index.html" class="button">go back to other how-tos</a></li>
 </ul>
 </footer>
 </section>
 </div>


     <!--
     Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements. See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership. The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License. You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied. See the License for the
     specific language governing permissions and limitations
     under the License.
 -->

 <footer id="footer" class="major">
     <section>
         <h2>James</h2>
         <ul class="no-padding">
             <li class="no-padding"><a href="https://james.apache.org/#intro" class="active">About</a></li>
             <li class="no-padding"><a href="https://james.apache.org/#first">Get Started</a></li>
             <li class="no-padding"><a href="https://james.apache.org/#posts">Last Posts</a></li>
             <li class="no-padding"><a href="https://james.apache.org/#second">Community</a></li>
             <li class="no-padding"><a href="https://james.apache.org/#third">Contribute</a></li>
             <li class="no-padding"><a href="https://james.apache.org/"><span class="fa fa-external-link"></span> Documentation</a></li>
         </ul>
     </section>
     <section>
         <h2>Connect</h2>
         <ul class="icons">
             <li><a href="https://james.apache.org/mail.html" class="icon fa-envelope-o alt"><span class="label">Mailing-list</span></a></li>
             <li><a href="https://gitter.im/apache/james-project" class="icon fa-wechat alt"><span class="label">Gitter</span></a></li>
             <li><a href="https://github.com/apache/james-project" class="icon fa-github alt"><span class="label">GitHub</span></a></li>
             <li><a href="https://twitter.com/ApacheJames" class="icon fa-twitter alt"><span class="label">Twitter</span></a></li>
             <li><a href="https://james.apache.org/support.html" class="icon fa-briefcase alt"><span class="label">Support</span></a></li>
             <li><a href="http://www.apache.org/events/current-event" class="icon fa-calendar alt"><span class="label">Apache Foundation events</span></a></li>
         </ul>
     </section>
     <section class="legal-section">
         <h2>Copyright</h2>
         Apache James and related projects are trademarks of the Apache Software Foundation.<br/>
         <a href="https://www.apache.org/">Copyright 2006-2021 The Apache Software Foundation. All Rights Reserved.</a><br/>
         <a href="https://www.apache.org/licenses/">License</a><br/>
         <a href="https://www.apache.org/foundation/sponsorship.html">Donate</a> to support the Apache Foundation<br/>
         <a href="https://www.apache.org/foundation/thanks.html">Thanks</a><br/>
         Design: <a href="https://html5up.net">HTML5 UP</a><br/>
         Thanks to <a href="http://www.neoma-interactive.com/">Neoma by Linagora</a> for the website design
     </section>
 </footer>
 </div>

 </body>
 </html>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.
	-->
	<!DOCTYPE html>
	<html>
	<head>
	<meta charset="utf-8"/>
	<title>Apache James</title>

	<link rel="stylesheet" type="text/css" href="/assets/css/main.css">
	<link rel="stylesheet" type="text/css" href="/assets/css/font-awesome.min.css">
	<link rel="stylesheet" type="text/css" href="/assets/css/ie8.css">
	<link rel="stylesheet" type="text/css" href="/assets/css/ie9.css">
	<link rel="shortcut icon" href="/images/james-logo.png">
	</head>
	<body>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.
	-->

	<div id="wrapper">
	<div class="apache_ref">
	<a href="https://www.apache.org" alt="apache foundation link"><img src="https://www.apache.org/foundation/press/kit/asf_logo.svg" title="apache foundation logo"/></a>
	</div>
	<div class="apache_ref_mobile">
	<a href="https://www.apache.org" alt="apache foundation link">The Apache Software Foundation</a>
	</div>
	<div class="apache_ref_left">
	<a href="https://www.apache.org/events/current-event.html" alt="apache foundation event"><img src="https://www.apache.org/events/current-event-234x60.png" title="apache foundation event logo"/></a>
	</div>
	<div class="apache_ref_left_mobile">
	<a href="https://www.apache.org/events/current-event.html" alt="apache foundation event"><img src="https://www.apache.org/events/current-event-234x60.png" title="apache foundation event logo"/></a>
	</div>

	<!--
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.
	-->

	<header id="header" class="alt">
	<div class="logo"><a href="/index.html" alt="Apache James"><img src="/images/james.svg" alt="james logo"/></a></div>
	<h1 class="hidden">James Enterprise Mail Server</h1>
	<h2>Emails at the heart of your business logic</h2>
	</header>

	<!--
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.
	-->

	<!-- Main -->
	<div id="main">

	<!-- Introduction -->
	<section id="intro" class="main special">
	<div class="">
	<div class="content align-left">
	<header class="major">
	<h1><b>What is a DKIM Record?</b></h1>
	</header>

	<p>
	DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers.
	</p>

	<p>
	It uses public-key cryptography to sign email with a private key as it leaves a sending server.
	Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit.
	</p>

	<p>
	Once the signature is verified with the public key by the recipient server, the message passes the DKIM check and is considered authentic.
	</p>

	<p>
	The process of setting up DKIM can be split into the following steps:
	</p>

	<ul>
	<li>Choose a DKIM selector.</li>
	<li>Generate a public-private key pair.</li>
	<li>Publish the selector and public key by creating a DKIM TXT record.</li>
	<li>Attach the token to each outgoing email.</li>
	</ul>

	<p>
	Before we begin, you might wonder what is a DKIM selector?
	</p>
	<p>
	In short, a selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field.
	A selector can be anything you want, such as a word, number, or a string of letters and numbers.
	</p>
	<p>
	For example, if you choose <code>james3</code> for your selector, the DKIM record name would become <code>james3._domainkey</code>
	</p>


	<header class="major">
	<h1><b>Generate RSA Key Pair for DKIM</b></h1>
	</header>

	<p>
	You can use tools such as <code>openssl</code> or <code>ssh-keygen</code> to generate RSA keys.
	</p>
	<p>
	Please note that 1024 bit DKIM is still the standard. If you want to feel safer with 2048-bit RSA, check with your DNS provider and see what length of DKIM key is supported because they need to match.
	</p>
	<p>Generate a 1024 bit RSA Key:</p>
	<code>$ openssl genrsa -out private.pem 1024</code>

	<p>Export the RSA Public Key to a file:</p>
	<code>$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem</code>
	<p>Both generated files are base64-encoded encryption keys in plain text format:</p>

	<pre><code>-----BEGIN RSA PRIVATE KEY-----
	MIICXQIBAAKBgQCxMwUfjQbppE2EK4T2IDuiLRvZ4opSwJwxani/5Ii5VbqMQRfo
	edUMuczK5qKJuIupTnh9AhJfaAsGUSruCVlGYXq6bqfak3XGHGu4s0rAXRM6Y3us
	gy8RyxfWQqtYbEZPIwkLGPbPeIh2t8s3mL9fD9+tpO5H1Kc+9MBTMm7qnQIDAQAB
	AoGATyl52nSIaAyMzMUca1BPE86PKLG6FeoSXUkxlJimNBYGdu4Fnkf/U+YVhXev
	mVMmoYZ68W3hg1nZwwKz6Q+oH7iBk+AJRQlDQmdNuqBS5epKQpIk77w6J+Nd2HCa
	wLXnt5wtDcusIV+HvznKi/yEt+oq29BbyY2CjAUYtR57wEECQQDhs71D4M8su6hv
	bBbif1V/4m62ChkSZRnD7T2rCxzqLoe3Qe6W9hwysDjYMAtq3pA7mjMYyTqrx8sJ
	RWcVSaf5AkEAyPx63vEKS38QPYyiesuJqqrnTeVlnPInedEmJmI6Rz5cWISosvNz
	/QjHzTqOT1fXfskbhutg1/mDarsHnH/oxQJBAJjH/cdUB4nlYehCx978iRjvYzgQ
	79XW4DETiBofhKw1YSM5G1PPN1lMlr4pD6GBFStzf0E4/mFH9nXJKDVtzakCQQCG
	OQ75ijHc31uCL0RnCzzB7GaSf+tPV+yDDukSYzEWWRAk0Vs0Px+r0UxVw5A8bqZs
	dnPas6C2O1zHT2Yy3r0dAkBECZDJaFhADFPSex8UrUrIidJaz8NLdyDiuwXKjc/c
	AmlLQXKntU4M5EIE6jz0Gf1ivw06pvTDOCDWlDxJRvf8
	-----END RSA PRIVATE KEY-----</code></pre>
	<pre><code>
	-----BEGIN PUBLIC KEY-----
	MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxMwUfjQbppE2EK4T2IDuiLRvZ
	4opSwJwxani/5Ii5VbqMQRfoedUMuczK5qKJuIupTnh9AhJfaAsGUSruCVlGYXq6
	bqfak3XGHGu4s0rAXRM6Y3usgy8RyxfWQqtYbEZPIwkLGPbPeIh2t8s3mL9fD9+t
	pO5H1Kc+9MBTMm7qnQIDAQAB
	-----END PUBLIC KEY-----
	</code></pre>

	<p>Beside above steps, online tools such as <a href="https://www.sparkpost.com/resources/tools/dkim-wizard/">DKIM Wizard</a> can help you easily create a public and private key pair to be used for DomainKeys and DKIM signing. </p>


	<header class="major">
	<h1><b>Create DKIM TXT record</b></h1>
	</header>
	<p>Log in your Domain Control Panel and create a TXT Record:</p>

	<pre><code>Record Type: TXT Record
	Host Name: james3._domainkey
	Text: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...]
	</code></pre>

	<h1><b>Configure DKIMSign mailet</b></h1>

	<p>Lastly, you need to add a maillet to the <code>mailetcontainer.xml</code> in the /conf file of Apache James.</p>



	<pre><code>[...]
	<processors>
	<processor state="relay" enableJmx="true">
	<mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign">
	<signatureTemplate>v=1; s=james3; d=domain.example.com ; h=from : reply-to : subject : date : to : cc : resent-date : resent-from : resent-sender : resent-to : resent-cc : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; a=rsa-sha256; bh=; b=;</signatureTemplate>
	<privateKey>
	-----BEGIN RSA PRIVATE KEY-----
	[Your Private Key]
	-----END RSA PRIVATE KEY-----
	</privateKey>
	</mailet>
	</processor>
	</processors>
	[...]</code></pre>

	<h1><b>Verifying DKIM Record</b></h1>
	<p>To query the DKIM key, you will have to know the DKIM selector:</p>

	<pre><code>$ dig txt james3._domainkey.domain.example.com
	; <<>> DiG 9.16.1-Ubuntu <<>> txt james3._domainkey.domain.example.com
	;; global options: +cmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39673
	;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
	;; WARNING: recursion requested but not available

	;; QUESTION SECTION:
	;james3._domainkey.domain.example.com IN TXT

	;; ANSWER SECTION:
	james3._domainkey.domain.example.com. 0 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...]"
	[...]</code></pre>
	</div>



	</div>
	<footer class="major">
	<ul class="actions align-center">
	<li><a href="index.html" class="button">go back to other how-tos</a></li>
	</ul>
	</footer>
	</section>
	</div>



	<!--
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.
	-->

	<footer id="footer" class="major">
	<section>
	<h2>James</h2>
	<ul class="no-padding">
	<li class="no-padding"><a href="https://james.apache.org/#intro" class="active">About</a></li>
	<li class="no-padding"><a href="https://james.apache.org/#first">Get Started</a></li>
	<li class="no-padding"><a href="https://james.apache.org/#posts">Last Posts</a></li>
	<li class="no-padding"><a href="https://james.apache.org/#second">Community</a></li>
	<li class="no-padding"><a href="https://james.apache.org/#third">Contribute</a></li>
	<li class="no-padding"><a href="https://james.apache.org/"><span class="fa fa-external-link"></span> Documentation</a></li>
	</ul>
	</section>
	<section>
	<h2>Connect</h2>
	<ul class="icons">
	<li><a href="https://james.apache.org/mail.html" class="icon fa-envelope-o alt"><span class="label">Mailing-list</span></a></li>
	<li><a href="https://gitter.im/apache/james-project" class="icon fa-wechat alt"><span class="label">Gitter</span></a></li>
	<li><a href="https://github.com/apache/james-project" class="icon fa-github alt"><span class="label">GitHub</span></a></li>
	<li><a href="https://twitter.com/ApacheJames" class="icon fa-twitter alt"><span class="label">Twitter</span></a></li>
	<li><a href="https://james.apache.org/support.html" class="icon fa-briefcase alt"><span class="label">Support</span></a></li>
	<li><a href="http://www.apache.org/events/current-event" class="icon fa-calendar alt"><span class="label">Apache Foundation events</span></a></li>
	</ul>
	</section>
	<section class="legal-section">
	<h2>Copyright</h2>
	Apache James and related projects are trademarks of the Apache Software Foundation.<br/>
	<a href="https://www.apache.org/">Copyright 2006-2021 The Apache Software Foundation. All Rights Reserved.</a><br/>
	<a href="https://www.apache.org/licenses/">License</a><br/>
	<a href="https://www.apache.org/foundation/sponsorship.html">Donate</a> to support the Apache Foundation<br/>
	<a href="https://www.apache.org/foundation/thanks.html">Thanks</a><br/>
	Design: <a href="https://html5up.net">HTML5 UP</a><br/>
	Thanks to <a href="http://www.neoma-interactive.com/">Neoma by Linagora</a> for the website design
	</section>
	</footer>
	</div>

	</body>
	</html>