Signs outgoing e-mails with DomainKeys Identified Mail Signatures (RFC 6376).
DKIM (DomainKeys Identified Mail) is an important authentication mechanism to help protect both email receivers and email senders from forged and phishing email.
How does it work?¶
DKIM works by signing each e-mail that Zotonic sends with a private key. The public key part is exposed through a DNS TXT record, with which email receiver can check whether the email actually originated from the domain that it claimed to come from.
The generating of the keypair depends on the
utility to be available in
This RSA keypair is generated automatically when the module is
installed, and the private/public keys are put in the directory
sitename/dkim/. When the module is active and the keypair has been
generated, all outgoing e-mail will be signed.
The receiving e-mail server checks the validity of the signature by doing a DNS lookup. To configure DKIM, you will need to add this DNS entry to your domain where you send the mail from.
In the admin, the page
/admin/email/dkim, available under
(“Modules” / “DKIM e-mail setup”) provides information how to
configure this DNS entry, including the text to copy-paste into the
By default, the DKIM selector is set to the string
will result in DNS lookups to the
domain. You can change the selector name by adding a config value