Enabling DKIM with Mimecast and Creating the Outbound Signing Policy

1. Login to your Mimecast account.
2. Navigate to Administration dropdown menu, and on the menu, select Gateway > Policies.

3. In the Polices page, click on Definitions, and from the dropdown menu select DNS Authentication - Outbound.

4. Now you will create a new DKIM policy where you will need to fill in the description box, select the domain from the lookup list, and name your DKIM selector.

5. In the DKIM length category, you can select either 1024 bits or 2048 bits if you want more secure encryption. Then click Generate.

6. Mimecast will then display a DNS record. Enter this DNS records with your DNS host provider.

7. Once the TXT record has been added in your DNS return back to Mimecast and validate the DNS record.

1. In the Mimecast Portal, go to Administration > Gateway > Policies
2. Click New Policy and select DKIM signing.
3. Configure the policy as follows:
   1. Policy Narrative: Provide a name, for example, "DKIM for example.com"
   2. Emails from: Your sending domain. You are given the option of typing your domain.
   3. Email To: Make sure the Applies To is set to External Addresses. Specify to apply to all external recipients.
   4. Validity: Make sure this is set to Enable. Set policy to Always On. Everything else in this section can be left blank.

1. Send a test message to an external user or you may use a tool like mail-tester.com.
2. Verify that the DKIM signature is included in the headers and that it passes.

After following all the steps above, DKIM should now be fully set up and signing your outbound messages as expected through Mimecast.