Generate DKIM for Cisco ESA

How do I configure the Cisco Email Security Appliance (ESA) to use DKIM?

By enabling DKIM signature for your domains, you can prevent threat actors from accessing and changing the content of your emails during delivery, allowing you to maintain the integrity of your emails. This eliminates spam and phishing attacks and protects your identity.

DKIM Record Creation for Cisco ESA

• Step 1: Create DKIM signing keys.
  
  • Access your Cisco ESA account.
  • Go to Mail Policy > Domain Keys > Signing Keys.
  • Click on Add Key.
  • Name your DKIM selector (1024/2048 bits).
  • Hit Submit.
  • Your domain now has a key pair.
  • Copy the public key so that it may be put in DNS later.
• Step 2: Create a DKIM signature profile.
  
  • Choose Mail Policy > Signing Profiles.
  • Click on the Add Profile button, type a name, and then choose DKIM from the drop-down menu to establish a domain profile.
  • The domain name, selector, and private key that were produced in the preceding step can be entered in the expanded window that appears.
• Step 3: Choose the OutgoingMail policy under Mail Policies > Mail Flow Policies to allow DKIM signature on an outgoing profile.
  To enable DKIM signing for outgoing messages, click Relayed policy.
  Then scroll down to Security Features and choose “On” in the Domain Key/DKIM Signature area.
  With Cisco ESA, publish your DKIM public key

After receipt of your public key from Cisco ESA:

1. Sign in as the administrator to your DNS provider's administration console.
2. Go to the area for DNS records.
3. Establish a TXT record.
4. Copy and paste the value and hostname.
5. Save your record's modifications and wait 48–72 hours for your DNS to take effect.

Utilize our free DKIM record lookup tool to check and confirm the published DKIM DNS record. To prevent your domains from spoofing, enable DMARC. Register for a DMARC trial right away!