Introduction
This document describes how to verify that DKIM works.
Verification
On the Cisco Email Security Appliance (ESA), the easiest way to verify that DKIM is working is to send an email to an outside account and check the headers. In the example below, a message was sent to a @gmail.com account:
Delivered-To: user@gmail.com
Return-Path: <bob@example.com>
Received-SPF: pass (google.com: domain of bob@example.com
designates <IP Address> as permitted sender)
client-ip=<IP Address>;
Authentication-Results: mx.google.com; spf=pass
(google.com: domain of bob@example.com designates
<IP Address> as permitted sender) smtp.mail=bob@example.com;
dkim=pass (test mode) header.i=bob@example.com
You should see the dkim=pass in the Authentication-Results line.
Note: Please be aware that some clients such as Yahoo tend to strip many headers. Please check this on multiple clients to be sure it is working.
You may also refer to some of these external sources for verifying your configuration:
http://www.kitterman.com/spf/validate.html
dkim-test@testing.dkim.org
There are various other Reflectors available as well:
Currently verifying with RFC4871:
Port 25: check-auth@verifier.port25.com
Currently verifying both RFC4871 (and RFC4870):
Alt-N: dkim-test@altn.com
Currently verifying both RFC4871 (and RFC4870):
Sendmail: sa-test@sendmail.net
Currently verifying both draft allman-00 and allman-01:
Elandsys: autorespond+dkim@dk.elandsys.com
Currently verifying both RFC4871 (and RFC4870) :
Blackops: dktest@blackops.org
Related Information
Feedback