Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

DKIM setup

Hi all,

I'm doing some research in how to setup DKIM for the company I work for. We are an email service provider and we use two c350d appliances (AsyncOS for Email Security 7.0) to sent out bulk email (permission based, opt in) for our clients. My question is about a 'DKIM for ESP configuration'. Hope you can point me in a good direction.

I have a few clients for who we setup DKIM to sign message headers and this works fine. But, it's a big operation to get all (about 300) of our clients to have them place a txt record into their DNS and also it's hard to join feedback loops who require DKIM to join. For every client we need to set it up.

So, I've looked around and read some articles, and I think we can sign our outbound messages and use the domain of our Return-path.

Any idea how to set this up using the domain profiles?

This is an example I found in my inbox from one of our appreciated fellow esp colleagues, and I hope we can do this too:

Delivered-To: me@domain.com
Received: by 10.216.172.143 with SMTP id t15cs126974wel;
        Wed, 28 Apr 2010 06:04:34 -0700 (PDT)
 
 
Received: by 10.216.88.148 with SMTP id a20mr4793541wef.124.1272459873705;
        Wed, 28 Apr 2010 06:04:33 -0700 (PDT)
 
 
Return-Path: <
bounceaddress@client.esp.com>


Received: from xxx (mta010.esp.com [xxx.xxxx.xxx])
        by mx.google.com with ESMTP id z13si5329866wbd.37.2010.04.28.06.04.32;
        Wed, 28 Apr 2010 06:04:32 -0700 (PDT)
 
 
Received-SPF: pass (google.com: domain of bounceaddress@client.esp.com
designates xxx.xxx.xxx.xxx as permitted sender) client-ip=194.88.231.10;

Authentication-Results: mx.google.com; spf=pass (google.com: domain of bounceaddress@client.esp.com designates xxx.xxx.xxx.xxx as permitted sender) smtp.mail=; bounceaddress@client.esp.com

dkim=pass header.i=@esp.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=sel001; d=esp.com;
h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type;
bh=rwshpxhHZOePhXOvJDYH8zWYlvIsfdKi3kCVtyB8SdQ=;
b=NV8afpND2eF1ErfPUOmxcU3IiGlADAIIB05gcB3DaYLSrcyx09njubEM9Y6Tht4OoV2RXdHG9a+e
   LJ+kk9hCjNEs1zFdnhpkp+qkRmhJPhpiaw6CJfU0bytSqG84UBdEEeWJNG/fTqvnMCw
   mhdT3uCxxnyAJVpvrEg=

Date: Wed, 28 Apr 2010 15:04:32 +0200 (CEST)
From: Client Name <
info@clientdomain.nl>
Reply-To:
info@clientdomain.nl
To: me@domain.com
Message-ID: <5018521.500941272459872412.JavaMail.mail@smtphost>
Subject: Hope you can help me

When I setup a domain profile for our bounce domain, I cannot have users from a different 'From' domain attached to the profile. This keeps the mail sent out by our clients from being signed.

Thank you, hope I made this a little bit to understand for you guys.

Wouter

466
Views
0
Helpful
0
Replies
CreatePlease to create content