Each domain that sends email can be individually configured to sign outbound messages with DKIM. To enable this feature with Proofpoint, you will need to create a new signing key, add the public key to your DNS, and verify that it's been added correctly. Below are the steps to enable.
- Navigate to Administration > Account Management > Domains.
- Select the domain you want to configure and click the vertical 3 dots on the right-hand side of the Domains table.
- Click on the option labeled Configure DKIM.
- A drop-down menu will appear on the gith side of the screen, listing all the current configured DKIM keys. No DKIM keys will show if this is the first time configuring DKIM for your domains. Click Create New DKIM Signing Key.
- The form will appear asking you to specify a selector. A selector is used to locate the public key in DNS and is not visible to end users. Proofpoint creates a selector value for you, but you can change it if you'd like. Once you have selected the selector you'll like to used, click Create.
- The next screen will give you the hostname and value into you will need to add in your DNS zone. You will be given an opportunity to save the private key in a secure location in case you need it in the future. This is the only time this value will be displayed.
- Once you have added the TXT record in your DNS zone, Proofpoint will need to validate that the record was added correctly. To do so, click the Verify Key button in the key's context menu.
- Once the key is successfully verified, outbound DKIM signing is automatically enabled for this domain. It is recommended to test and confirm messages are signing with DKIM by reviewing the messages headers of messages going out through Proofpoint.