Cisco Email Security Appliance C170 User Guide

Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 5: Email Authentication
Figure 5-1: Authentication Work Flow

Step 1: Administrator (domain owner) publishes a public key into the DNS name space.

Step 2: Administrator loads a private key in the outbound Mail Transfer Agent (MTA).

Step 3: Email submitted by an authorized user of that domain is digitally signed with the respective private key. The signature is inserted in the email as a DomainKey or DKIM signature header and the email is transmitted.

Step 4: Receiving MTA extracts the DomainKeys or DKIM signature from the header and the claimed sending domain (via the Sender: or From: header) from the email. The public key is retrieved from the claimed signing domain, which is extracted from the DomainKeys or DKIM signature header fields.

Step 5: The public key is used to determine whether the DomainKeys or DKIM signature was generated with the appropriate private key.
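
The key lookup in Step 4, as an added example that is not part of the Cisco guide or AsyncOS: it parses the signature header, derives the DNS name where the public key is published, and reads the key record, stopping before the cryptographic check of Step 5. The message, the selector `mail2024`, the key value and the `TXT` lookup table are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample message: domain, selector and signature values are made up.
RAW = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=mail2024;\r\n"
    "\th=from:to:subject; bh=Y29uc3RydWN0ZWQ=;\r\n"
    "\tb=QUJD\r\n"
    "\t REVG\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: bob@example.net\r\n"
    "Subject: test\r\n"
    "\r\n"
    "Hello\r\n"
)
# Constructed stand-in for DNS TXT lookups (no network access needed).
TXT = {"mail2024._domainkey.example.com": "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="}


def parse_tag_list(value):
    """Parse 'tag=value; tag=value', dropping header folding whitespace."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags


def key_location(raw_message):
    """Return the signing domain, key DNS name and claimed sender domain."""
    msg = email.message_from_string(raw_message)
    header = msg.get("DKIM-Signature") or msg.get("DomainKey-Signature")
    if header is None:
        return None  # unsigned message
    tags = parse_tag_list(header)
    if not tags.get("d") or not tags.get("s"):
        raise ValueError("signature header lacks d= or s= tag")
    sender = parseaddr(msg.get("Sender") or msg.get("From") or "")[1]
    return {
        "signing_domain": tags["d"].lower(),
        "dns_name": f"{tags['s']}._domainkey.{tags['d']}".lower(),
        "sender_domain": sender.rpartition("@")[2].lower(),
    }


def fetch_public_key(dns_name, txt_records=TXT):
    """Return the base64 p= value, or None if the key is absent or revoked."""
    record = txt_records.get(dns_name)
    return (parse_tag_list(record).get("p") or None) if record else None
```

A receiver that compares `signing_domain` with `sender_domain` can tell a signature made by the author's own domain from one made by an unrelated third party.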
To test your outgoing DomainKeys signatures, you can use a Yahoo! or Gmail 
address, as these services are free and provide validation on incoming messages 
that are DomainKeys signed.
DomainKeys and DKIM Signing in AsyncOS
DomainKeys and DKIM signing in AsyncOS is implemented via domain profiles 
and enabled via a mail flow policy (typically, the outgoing “relay” policy). For 
more information, see the “Configuring the Gateway to Receive Mail” chapter in 
the Cisco IronPort AsyncOS for Email Configuration Guide. Signing the message 
is the last action performed by the appliance before the message is sent.