How to Set Up DKIM for Cisco Email Security Appliance (ESA)?

October 11, 2023  |  2 min read
Cisco

DomainKeys Identified Mail (DKIM) is a method for email senders to digitally sign email messages in a way that can be verified by email receivers. This allows receivers to verify that the message truly came from the sender, and has not been tampered with. DKIM is intended to address some of the flaws in the existing email system, such as spoofing, phishing, and message tampering.

Steps to Configure DKIM for Cisco Email Security Appliance (ESA)

Step 1: Configure DKIM signing keys: 

  • Log in to your Cisco ESA account.
  • Go to Mail Policies, Domain Keys, and Signing Keys.
  • select “Add Key”
  • Give your DKIM selector (1024/2048 bits) a name and select  Submit
  • Your domain now has a key pair established.
  • Copy the public key that will eventually be stored in DNS.

Step 2: Configure a DKIM signing profile:

  • Select Mail Policies > Signing Profiles to establish a domain profile.
  • select “Add Profile” from the menu.
  • Give your name, then choose DKIM from the drop-down menu.
  • You can input the domain name, selector, and private key that were made in the preceding step in the expanded window that appears after you do so.

Step 3: Enable DKIM signing on an outgoing profile

  • Go to Mail Policies > Mail Flow Policies from the menu.
  • Click on the OutgoingMail policy.
  • Scroll down to Security Features after selecting Relayed policy.
  • To enable DKIM signing for outgoing messages, click on in the Domain Key/DKIM Signing field.

How to Get Your DKIM Public Key Available for Cisco Email Security Appliance (ESA)

After receiving the public key from Cisco ESA follow the following procedure: 

  1. Sign in as the administrator to your DNS provider’s administration console.
  2. Go to the DNS records section of each of your domains.
  3. Depending on the type of DKIM record that has been provided to you, generate a TXT or CNAME record.
  4. Copy and paste the hostname and value
  5. Save your record’s modifications and wait 48–72 hours for your DNS to take effect.

Use our free DKIM record lookup tool to validate the published DKIM record.

You can use Skysnag’s free DKIM Checker to check the health of your DKIM record here

Enable DMARC for your domains to protect against spoofing. Sign up for a free trial today!

For more information on Cisco ESA DKIM setup, you can refer to their reference documentation

Check your domain's DMARC security compliance

Enforce DMARC, SPF and DKIM in days - not months

Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.