Overview
This article explains how to add DKIM and DMARC DNS records for a Kerio Connect domain to protect and secure it. The procedure covers adding the DKIM and DMARC records and confirming the successful configuration using various platforms and methods.
You need access to the Kerio Connect Webadmin and the DNS Administration console.
Information
Adding DKIM and DMARC Records
- Log in to the Kerio Connect Webadmin.
- Go to Open Configuration > Domains.
- Double-click on the necessary domain and, under the DomainKeys Identified Mail (DKIM) section, check the Sign outgoing messages from this domain with DKIM signature option.
- Click on the Show public key... button and copy both the Record name and the TXT value.
  Note: The DKIM TXT value cannot be changed to a custom option, as it is hardcoded in the source code. Additionally, please note that Kerio Connect does not support the c=relaxed/relaxed setting.
- Open your DNS Hosting Administration.
- Go to Your_Domain_Name > Manage records > Add TXT record.
- Paste both the Record name and the TXT value that you copied in step #4.
- For the DMARC record, you can choose to either quarantine or reject the messages, as seen in the example screenshot below:
Common issues
- If you receive an error saying 'DKIM public key for your domain is wrong':
  - Check the DKIM record to ensure that the key is of the correct length.
  - If the Kerio Connect host OS is set to use a local/private DNS server, make sure the record is also added to it.
  - Validate the DKIM record using the DKIM tool on MXToolbox.
- Sometimes an error occurs in the validation of the DKIM record because of copying the enclosing quotes from the DKIM generator output.
  - Make sure that the TXT record value is correct, without the enclosing quotes.
- If your DNS provider does not support 2048-bit DKIM keys, refer to Generating a 1024-bit DKIM key when not able to add the default 2048-bit DKIM key into DNS.
- DKIM record updates take time to propagate: sometimes up to 72 hours worldwide, although it typically takes a few hours. Read more about DNS propagation.
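The key-length and enclosing-quotes problems listed above can be checked locally before the record is published. The Python sketch below is an added example, not Kerio Connect code: its function names are hypothetical, it assumes the p= tag holds a base64 RSA key in SubjectPublicKeyInfo DER form, and sample_record() builds a constructed dummy key purely as test input.

```python
import base64

def _tlv(tag, body):
    """Encode one DER tag-length-value; only used to build the sample."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def _read(buf, pos):
    """Decode the DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(spki):
    """Modulus size in bits of an RSA key in SubjectPublicKeyInfo DER."""
    _, start, _ = _read(spki, 0)                  # outer SEQUENCE
    _, _, alg_end = _read(spki, start)            # AlgorithmIdentifier, skipped
    _, bit_start, _ = _read(spki, alg_end)        # BIT STRING
    _, seq_start, _ = _read(spki, bit_start + 1)  # RSAPublicKey, after unused-bits byte
    _, m_start, m_end = _read(spki, seq_start)    # INTEGER modulus
    if m_end > len(spki):
        raise ValueError("key data is truncated")
    return int.from_bytes(spki[m_start:m_end], "big").bit_length()

def check_dkim_txt(value):
    """Return (key_bits, problems) for a DKIM TXT value as pasted into DNS."""
    problems, value = [], value.strip()
    if value.startswith('"') or value.endswith('"'):
        problems.append("enclosing quotes were copied into the value")
        value = value.replace('"', "")
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    try:
        p = "".join(tags.get("p", "").split())    # drop whitespace inside the key
        bits = rsa_bits(base64.b64decode(p, validate=True))
    except (ValueError, IndexError):
        return None, problems + ["p= is missing, truncated or not valid base64"]
    if bits not in (1024, 2048):                  # the two sizes this article mentions
        problems.append(f"unexpected key length: {bits} bits")
    return bits, problems

def sample_record(bits):
    """Constructed sample: SPKI wrapper around a dummy modulus, not a usable key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = _tlv(0x30, _tlv(0x02, modulus) + _tlv(0x02, b"\x01\x00\x01"))
    alg = _tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

Pass check_dkim_txt() the TXT value exactly as it was entered in the DNS console; a bit count of None means the key could not be decoded at all, which is what a value cut short by the DNS provider looks like.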
Testing
There are various ways to confirm if the DKIM/DMARC records were configured correctly. Refer to the sections below to learn more:
Appmaildev
- Open the Appmaildev website, and click on the Next Step button to generate a random email address.
- Log in to your Webmail.
- Compose a new email and send it to the newly generated email address.
- Confirmation: You receive a report like the following:
Mail-tester
- Open the Mail-tester website and type in your Domain name.
- Click on the CHECK SPF & DKIM KEYS button.
- Confirmation: You receive a report like the following:
DMARCian
- Go to the Dmarcian website and type your domain name.
- Click on the Check Domain button.
- Confirmation: You receive a report like the following:
MxToolbox
- Go to the DKIM MxToolbox website or DMARC MxToolbox website and type in your domain.
- Click on the DKIM Lookup or DMARC Lookup button.
- Confirmation: You receive a report like the following:
Further Reading About DKIM/DMARC
If you would like to learn more about DKIM/DMARC, please feel free to read the following articles: