DKIM (DomainKeys Identified Mail) is an email security standard that ensures messages haven’t been altered in transit. It uses public-key cryptography to sign emails with a private key on the sending server. Recipient servers verify the signature with a public key published in the sender’s DNS.
Exchange DKIM Signer is an open-source, easy-to-install DKIM Signing Agent for Microsoft Exchange Server. It includes support for Exchange Server 2007 through 2019.
To configure DKIM on your Exchange server, follow the steps below:
Installing Exchange DKIM Signer
- Download the latest GUI package from GitHub.
- Extract and run Configuration.DkimSigner.exe.
- Click Install. Once the installer has completed, click Close.
Configuration
Important Note: Make sure the account you use to log in to your Exchange server has permission to access the path you’ve chosen to store your keys. Otherwise, you’ll receive access denied errors and DKIM signing of outgoing mail will fail.
1. Open Configuration.DkimSigner.exe from “C:\Program Files\Exchange DkimSigner\”.
2. In the DKIM Settings tab, choose Relaxed for both the header and body sections.
3. Click Save configuration.
4. Click Add at the bottom-left of the Domain Settings tab, and then select Yes to create a new DKIM record.
5. Enter your domain name in the Domain name box and your customized selector name in the Selector box, then generate a new key.
Note: DKIM Signer will then generate new public and private DKIM signing keys based on your chosen domain and selector.
6. Save the generated key (.pem file) in C:\Program Files\Exchange DkimSigner\keys and click Save.
Note: You can save in a different location, but the DKIM Signer recommends you store it in the default location.
7. Copy the Suggested DNS name value.
8. Head to your DNS zone (in our case, the DNS zone is Cloudflare).
9. Publish the DKIM TXT record on your DNS zone based on the information copied.
Name: Use the Suggested DNS Name.
Content: Use the Suggested DNS Record.
10. Save the record.
Important Note: The DKIM record may take up to 48 hours to be recognized at the DNS level.
11. Check the DNS record in the DKIM Signer Domain Settings tab and click Save domain.
12. Navigate to the Information tab and select Restart to bring the Exchange Transport Service back online.
Congratulations! You have now set up DKIM for the Exchange Server on your domain.
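A check for steps 9 to 11, added here as an example and not part of Exchange DKIM Signer: it compares the TXT record your DNS zone serves with the Suggested DNS Record copied from the GUI, rejoining the 255-byte chunks a resolver returns. The function names, selector, domain and key bytes are constructed for illustration, and the record layout (`v=DKIM1; k=rsa; p=...`) is an assumption about what the tool suggests.

```powershell
# Added example: selector, domain and key bytes are constructed placeholders.
function ConvertFrom-DkimTxt {
    # DNS splits TXT data into chunks of at most 255 bytes; join them first,
    # then parse the "tag=value; tag=value" list used by DKIM key records.
    param([string[]]$Strings)
    $tags = @{}
    foreach ($pair in (($Strings -join '') -split ';')) {
        $name, $value = $pair -split '=', 2
        if ($name.Trim()) { $tags[$name.Trim()] = "$value" -replace '\s', '' }
    }
    $tags
}

function Test-DkimRecord {
    # Compare what DNS serves with the Suggested DNS Record copied from the GUI.
    param([string[]]$Published, [string]$Suggested)
    $pub = ConvertFrom-DkimTxt $Published
    $sug = ConvertFrom-DkimTxt $Suggested
    $problems = @()
    if ($pub['v'] -and $pub['v'] -ne 'DKIM1') { $problems += "unexpected v=$($pub['v'])" }
    if (-not $pub['p']) {
        $problems += 'p= is missing or empty (an empty p= means the key is revoked)'
    } elseif ($pub['p'] -cne $sug['p']) {
        # -cne: base64 is case-sensitive, PowerShell's default -ne is not.
        $problems += 'published p= differs from the key the signer generated'
    } else {
        try { [void][Convert]::FromBase64String($pub['p']) }
        catch { $problems += 'p= is not valid base64' }
    }
    if ($pub['t'] -match 'y') { $problems += 't=y (testing mode) is set' }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: 294 placeholder bytes stand in for a real public key.
$key       = [Convert]::ToBase64String([byte[]](1..294 | ForEach-Object { $_ % 256 }))
$suggested = "v=DKIM1; k=rsa; p=$key"
# The same record as a resolver returns it: split into two TXT strings.
$published = @(("v=DKIM1; k=rsa; p=" + $key.Substring(0, 200)), $key.Substring(200))
# Live lookup instead of the sample (name is a placeholder):
# $published = (Resolve-DnsName -Type TXT -Name 'selector1._domainkey.example.com').Strings
Test-DkimRecord -Published $published -Suggested $suggested
```

A mismatch on `p=` usually means the value was truncated or altered when pasted into the DNS provider's form, so re-copy the Suggested DNS Record rather than generating a new key.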