Adding a DKIM signing rule

To add a DKIM signing rule:

Steps

  1. Navigate to Email > Policies > [policy name] > Antispoofing tab.
  2. Under DKIM Signing, click Add.
  3. On the Add DKIM Signing Rule page, enter a rule name.
  4. In the Sender domains/subdomains field, add one or more sender domain/ subdomains that will be signed by this rule, separated by a line break.
    Note: Sender domains/subdomains can appear in only one signing rule.
  5. In the Signing domain field, enter the domain that will be used as the signing domain for this rule.
  6. Optionally, select Enable granular DKIM sender/recipient options to include or exclude specific senders, or sender/recipient combinations. Otherwise, click Submit.
  7. Using the options that appear, select either:
    • Sign messages from these addresses to sign messages from specific addresses, or
    • Do not sign messages from these addresses to sign messages from all senders within your sender domains except specific addresses.
  8. In the Senders field, enter one or more email addresses for the senders who will be included or excluded by this rule. Email addresses must be separated by a line break. Use *@domain.com to include all addresses for a domain.
    Note: This field is required when granular sender/recipient options are enabled.
  9. In the Recipients field, optionally enter recipients that will be included or excluded by this rule. Email addresses must be separated by a line break. Use *@domain.com to include all addresses for a domain.
    • When Sign messages from these addresses is selected, only messages from a specified sender address to any of the entered recipient addresses will be signed.
    • When Do not sign messages from these addresses is selected, messages from all addresses within your sender domains will be signed, except for messages that are from a specified sender address to any of the specified recipient addresses.
  10. Click Submit.
    Once you have added a signing rule, the service checks the CNAME records for your signing domain. If the CNAME record check fails, an error message is shown. A rule cannot be enabled until the CNAME record check has passed.