...
- The mosamuseum institution add the two following DNS records in their zone (to enable updates of keys)
stxsel1._domainkey.mosamuseum.com. IN CNAME sel1-mosa._domainkey.dkim.secutix.com.
stxsel2._domainkey.mosamuseum.com. IN CNAME sel2-mosa._domainkey.dkim.secutix.com.
!!! Be careful to change:
domain name "mosamuseum.com" with the domain name which is defined in Sales Channels (Parameters => Sender email)
institution code "mosa" with the institution code
- The customer opens a service support request in order to enable signature of outgoing emails
- SECUTIX generates a pair of DKIM public/private key for two given selectors
SECUTIX signs all emails sent with the DKIM private key. This signature is included in the header of the email.
Setup DMARC
Introduction to DMARC
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email. Source: https://dmarc.org/.
DMARC - Procedure to follow
- The mosamuseum institution publishes a DMARC record in its DNS, following https://support.google.com/a/answer/10032473.
- The mosamuseum institution checks that record using https://mxtoolbox.com/dmarc.aspx: it shouldn't include any errors (i.e. anything flagged with
).