User Guide
20-8
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 20 Email Authentication
Configuring DomainKeys and DKIM Signing
• Searching Domain Profiles, page 20-15
• Signing System-Generated Messages, page 20-15
Creating Domain Profiles for DomainKeys Signing
Procedure
Step 1 Choose Mail Policies > Signing Profiles.
Step 2 In the Domain Signing Profiles section, click Add Profile.
Step 3 Enter a name for the profile.
Step 4 For the Domain Key Type, choose Domain Keys.
Additional options appear on the page.
Step 5 Enter the domain name.
Step 6 Enter a selector. Selectors are arbitrary names prepended to the "_domainkey" namespace, used to help
support multiple concurrent public keys per sending domain. A selector value and length must be legal
in the DNS namespace and in email headers with the additional provision that they cannot contain a
semicolon.
Step 7 Select the canonicalization (no forwarding whitespaces or simple).
Step 8 If you have already created a signing key, select a signing key. Otherwise, skip to the next step. You must
create (or import) at least one signing key in order to have signing keys to choose from in the list. See
Creating or Editing a Signing Key, page 20-10.
Step 9 Enter users (email addresses, hosts, etc.) that will use the domain profile for signing.
Step 10 Submit and commit your changes.
Step 11 At this point (if you have not already) you should enable DomainKeys/DKIM signing on an outgoing
mail flow policy (see Enabling Signing for Outgoing Mail, page 20-6).
Note If you create both a DomainKeys and DKIM profile, AsyncOS performs both DomainKeys and
DKIM signing on outgoing mail.
Creating a New Domain Profile for DKIM Signing
Procedure
Step 1 Choose Mail Policies > Signing Profiles.
Step 2 In the Domain Signing Profiles section, click Add Profile.
Step 3 Enter a name for the profile.
Step 4 For the Domain Key Type, choose DKIM.
Additional options appear on the page.
Step 5 Enter the domain name.