DomainKeys is a technology proposal that can bring black and white back to this decision process by giving email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent. To learn more detail about DomainKeys, please refer to http://antispam.yahoo.com/domainkeys
DKIM is a similar technology as Domainkeys. To learn more detail about DKIM, please refer to RFC4871.
Now, EmailArchitect Server provides a way to add DomainKeys signature and DKIM signature to outgoing email.
Make key-pair certificate
First of all, we need to generate a certificate which contains public key/private key. We can use MakeCert.exe (.NET Framework Tools) to generate certificate like this:
makecert -pe -n "CN=mydomainkeys" -ss my -sr LocalMachine -a sha1 -sky signature -rThen you can check the certficate like this:
Windows Start Menu->input: MMC press enter. MMC->File Menu->Add/Remove Span-in Add->Choose "Certificates"-> Computer Account->Local Machine->Finish->Close. Then you should find the certificate at "Certificates(Local Computer)->Personal->Certificates"You can also use this online tool to generate the certificate
http://mail.adminsystem.com/getpfx/getpfx.aspxCreate X-DK-File
To sign the DomainKeys with EmailArchitect Server, we need to create a text file with notepad. and save it.
For example: We create a adminsystem.com.domainkey.txt and contains the following content. dk_d: adminsystem.com dk_s: s1024 CertStore: machine CertStoreName: my CertSubjectName: mydomainkeys DKIMSupport: yes method: nofws dk_d is the email sender domain, dk_s is the domain public key selector. CertSubjectName is the keyword in certificate subject. If DKIMSupport is "yes", then DKIM signature will be added as well. If method is "simple", then Domainkeys/DKIM signature uses "simple" algorithm; If method is "nofws", then Domainkeys/DKIM signature uses "nofws/relaxed" algorithm;You can also export the certificate with MMC. If importing private key is chosen, the *.pfx will be generated.
then the adminsystem.com.domainkey.txt should contain the following content dk_d: adminsystem.com dk_s: s1024 PFXPath: c:\my cert\adminsystem.pfx PFXPassword: mypassword DKIMSupport: yes method: simple dk_d is the email sender domain, dk_s is the domain public key selector. PFXPath is the PFX file full path. PFXPassword is the PFX file password. If DKIMSupport is "yes", then DKIM signature will be added as well. If method is "simple", then Domainkeys/DKIM signature uses "simple" algorithm; If method is "nofws", then Domainkeys/DKIM signature uses "nofws/relaxed" algorithm;Finally, we just need to copy this file to EmailArchitect Server installation path\domainkeys folder. EmailArchitect Server will generate the DomainKeys signature and DKIM signature for email from domain “adminsystem.com” automatically. The file name syntax must be “[domain name].domainkey.txt”.
Deploy Public Key
We also need to deploy the certificate Public Key to your domain DNS server. You can use the online tool http://emailarchitect.com/live/getpublickey.aspx to export the Public Key of your certificate.
Once you get the public key, you should set a TXT record in your domain DNS server. For example: your selector is s1024, your domain is adminsystem.com, then you should create a TXT record for s1024._domainkey.adminsystem.com and set the following content in the record.
s1024._domainkey.adminsystem.com text = "t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmKsozkVJqlNAGsvn1LoJPmoZl8nizv6pIuOV5P 44E8C6Vbl4DW8p0Bb5Zg8EgpYRgsEiJX5pYDj67YzzXNIhViziHwQ3jbUedxNkw/6GV4ZX8aRJKJnwnYqGWIQ8tQESwQtywfduQ2 TjsS1aG3XeOgxxEeuhBNaZHQWVThSinuQIDAQAB"To learn more detail about Public Key deployment, please refer to http://antispam.yahoo.com/domainkeys
Test DomainKeys and DKIM
You just need to send an email to check-auth@verifier.port25.com, then a report will be send back to your sender email address.
reference from: http://www.emailarchitect.net/emailserver/doc/html/domainkeys.htm