Setup DKIM for HCL Domino 12.0.2

Finally we can setup and use DKIM email authentication in HCL Domino. Here are the steps for adding DKIM in Domino and DNS.
The actions are my actual commands for adding DKIM to my angioni.nl domain.

Create your DKIM Signing keys in Domino

keymgmt create DKIM <domain> <selector> RSA [<keySize>]
<domain> is the name of the Domino Internet domain
<selector> is the name of your choice for the DKIM selector. The selector is specified in the DKIM-Signature header and indicates where the public key portion of the DKIM keypair exists in DNS.
<keySize> is the specified size for the DKIM key. Size can be 1024, 2048 or 4096.

keymgmt create DKIM angioni.nl 0031038 RSA 2048

Export the DKIM information to a textfile for getting the DNS information

keymgmt export DKIM DNS <domain> <selector> <dkimdnsfile>

keymgmt export DKIM DNS angioni.nl 0031038 dkimdns-angioni.nl.txt

My textfile contains the following information

v=DKIM1; k=rsa; p=<public-key>;

Add DKIM information into the DNS-Zone for your domain

Name = 0031038._domainkey
Type = TXT
Value = "v=DKIM1; k=rsa; p=<public-key>;"

Add SPF Record into your DNS-Zone for your domain, if it’s not already added where the ipaddress (ip4) represents your mx ipaddress for the outbound mailflow.

Name = <leave it empty>
Type = TXT
Value = "v=spf1 ip4:199.103.4.211 -all"

Add DKIM information in your Domino notes.ini

DKIM_KEY_angioni.nl=0031038
RouterDKIMSigning=1

Restart Domino after all these change

When sending an email to, lets say M365, it looks like this in the headers:

The most important things you can see in the headers:
dkim=pass (signature was verified)
compauth=pass

Hits: 721

You may also like...

2 Responses

  1. Quin Filipowicz says:

    What does this number represent? 0031038

    • angioni says:

      That is the name of your choice for the DKIM selector. The selector is specified in the DKIM-Signature header and indicates where the public key portion of the DKIM keypair exists in DNS.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.