Important: After updating or creating a selector be sure to restart your SMTP and Queue Manager services.
Example: DNS Text Record set to MyDNSName will be named
Tip: Remember to check for the "p=" in front of the key
Private Key. Text box displaying text string of Private Key. The private key is stored securely on the mail server and is used to sign all outgoing messages.
Hash Algorithm. SHA (Secure Hash Algorithm) hash functions are a set of cryptographic hash functions designed by the NSA and published by the NIST as a US Federal Information Processing Standard.
Body Settings. Options for body length limits when signing.
Expiration. When both the Timestamp and Expiration Tag are set, then a validation check will be done to verify that the Expiration Tag is greater than the Timestamp when the signature is verified.
Domains can easily be assigned to a selector, allowing the domain to use as a signature.
Available Domains not Assigned
The left box displays all available domains that do not have the selector assigned.
(Add Domain to Selector). Select an available domain and click to add to the current selector.
(Remove Domain from Selector). Select a domain from the domains currently assigned and click to remove the current selector.
(Add All Domains to Selector). Click to add all available domains to the current selector.
(Remove All Domains From Selector). Click to remove all domains from the current selector.
Assigned Domains for Current Selector
Enable All. Click this button to activate all the assigned selectors.
Disable All. Click this button to deactivate all the assigned selectors. The selector will be assigned to all the domains, but the selector will be disabled for use as a domain signature.
Test DNS Setup. Click this button to test the current selector against your current DNS setup. The DNS Test button will display "successful" for each domain. A link to assist with DNS problems will display for domains that "failed".
Sign All Headers when setting Prevent Adding for a signature will be unchecked, unless the header list is specified otherwise.
Warning: Disabling the default set of headers to be signed opens the possibility of header modifications and spoofing depending on the headers that are being signed.
DomainKeys / DKIM Headers
By default (RFC minimum recommendation) the following headers are set for signing:
TIP: The default headers are recommended as the minimum headers necessary for maintaining secure header signing.
DomainKeys Header List
DKIM Header List
Tip: Max Number to Sign and Sign All are not available for update when the "Sign All" check box is set.
Add Header. Click the Add button to create a custom header or select a header from the drop down for a list of all headers.
Edit Header. (DKIM functionality only) Select a header and click the Edit button to update the header options.
Delete Header. Select a header and click the Delete button to remove.
Note: To maintain a secure header signing, it is not recommended to remove a default header.