This guide is intended to assist Systems Administrators implement DomainKeys Identified Mail (DKIM) email authentication in Schoolbox. DKIM support was added in version 22.1.
DKIM enables the email recipient to verify that an email that claims to come from a particular domain was indeed authorisied by the owner of that domain.
How does it work?
Schoolbox sends two general forms of email:
- From a system email address configured in the admin area (
Email From Address
), egschoolbox@domain1.com
- On behalf of end users of the system. eg
john.smith@domain2.com
In these examples the domains are domain1.com
and domain2.com
respectively.
The following steps illustrate how DKIM enables email sent from these domains to be verified by the recipient and ensure delivery.
- For each domain the system sends mail from (
domain1.com
anddomain2.com
in the example above) and for which DNS management is available:- a public/private keypair is generated via the Schoolbox admin interfaces at
/adminv2/email-dkim
- the public key is used to create a DNS TXT record in the domain's DNS zone
- a public/private keypair is generated via the Schoolbox admin interfaces at
- When Schoolbox generates an email from a domain for which a public/private keypair has been generated:
- Schoolbox signs the email with the private key and routes the message to the recipient's mail server
- The recipient mail server fetches the public key from the domain's DNS and verifies the message signature
- The recipient mail server uses the signature verification result and other reputation factors (sending IP, message content, SPF, DMARC policy etc) to determine whether to deliver the message, mark the message as spam, or reject it.