I am going to try and post this on the community hoping that it saves someone some time and headache. Sophos has finally just released the ability to sign outgoing mail with DKIM. The instructions are missing a very important piece of information. When you create the TXT record you must append the following to the “Name” field of the record that Sophos gives you:
._domainkey
It must include the period before _domainkey Your txt record "name" should look like sophos3253452435bunchofnumbersandletters3445._domainkey
I am also getting a false negative when validating the TXT record within the Central dashboard where you configure the DKIM key. It states that there is a mismatch but, that’s not correct. DKIM checkers using the selector and domain name show correct when checking the DNS. Once I activated the feature ignoring the dns mismatch error and sent test emails to mail-tester.com and mailtest@unlocktheinbox.com both tests confirm that the emails are being signed correctly.
**Also take note. If you have multiple domains, the key will remain the same, but you will have a different selector for each domain. This is the “Name” field. You can find this by going back to the domain list and then clicking on the domain key link you will notice the “name” is different for each domain. You will need to create a TXT record for each domain.
Added tags
[edited by: Raphael Alganes at 5:12 AM (GMT -7) on 8 Jun 2023]
