Setting Up Spam Protection Based on DomainKeys
To switch on spam protection based on DomainKeys:
- Go to Server > Mail.
- Under the DomainKeys spam protection group, select the following options:
- Allow signing outgoing mail. Selecting this option allows you and your customers to switch on support for DomainKeys e-mail signing on a per-domain basis through the domain administration screens of the control panel (Domains > domain name > Mail > Preferences > Use DomainKeys spam protection system to sign outgoing e-mail messages option). It does not automatically switch on signing of outgoing e-mail messages.
- Verify incoming mail. Selecting this option will configure the DomainKeys system to check all e-mail messages coming to e-mail users under all domains hosted on the server.
- Click OK.
Now your mail server will check all incoming e-mail messages to ensure that they come from the claimed senders. All messages, sent from the domains that use DomainKeys to sign e-mail, which fail verification will be discarded. All messages, sent from the domains that do not participate in the DomainKeys program and do not sign e-mail, will be accepted without verifying.
To switch on signing outgoing e-mail messages for a single domain:
- Go to Domains > domain name > Mail > Preferences.
- Select the Use DomainKeys spam protection system to sign outgoing e-mail messages check box.
- Click OK.
To switch on signing outgoing e-mail messages for a number of domains at once:
- Click Domains.
- Select the check boxes to the left of the domain names you need. To select all domains in the list, select the upper left check box in the column heading.
- Click Group Operations.
- Under Preferences, select the Switch on option next to the Use DomainKeys spam protection system to sign outgoing e-mail messages field.
- Click OK.
Now, the following will happen for the selected domains:
- Private keys are generated and placed in the server's database.
- Public keys are generated and placed in the TXT resource records created in the domains' DNS zones.
- The sender's policy advertised in the DNS TXT resource records is set to "all e-mail messages sent from this domain must be cryptographically signed; if someone receives an e-mail message claiming to originate from this domain, which is not signed, then this e-mail must be discarded."
- Outgoing e-mail messages are digitally signed: the "DomainKeys-Signature" header containing a signature based on a private key is added to the message headers.