Target
Customers who use DKIM functionality in HENNGE Email DLP are the target.
Purpose
We will confirm the effectiveness of the DKIM functionality enabled in HENNGE Email DLP.
Notes
The content of this article is based on the product as of January 2024 and may be subject to change without notice thereafter.
Reflection in DNS
How to Use "Google Admin Toolbox Dig"
1. Set the DKIM FQDN as follows in the name
<Selector Name set in HENNGE Email DLP>._domainkey.<Domain under investigation>
2. Choose TXT
3. Ensure that the public key enabled in the "DKIM settings" of HENNGE Email DLP matches the output result
Check the Headers of Received Emails
To confirm that the DKIM signature enabled in HENNGE Email DLP has been successfully authenticated on the recipient server, please refer to the headers of received emails. Please refer to the manual of the mailer you are using for how to check email headers.
Below is an example of email headers obtained in Gmail (@gmail.com).
As a premise, DKIM signatures are added in both Google Workspace / Microsoft 365 and HENNGE Email DLP services.
■ When there are attached files and either ZIP encryption or URL by Secure Download is applied
Things to Check
Authentication-Results Header
① There is a selector name of the DKIM setting added to HENNGE Email DLP in "header.s=" and the corresponding line "dkim=" is passing
② There is a selector name of the DKIM setting added in Google Workspace or Microsoft 365 in "header.s=" and the corresponding line "dkim=" is neutral (body hash did not verify)
③ "arc=" is passing, and "dkim=pass" is in parentheses
DKIM-Signature Header
Please confirm the following two points
It is the domain name of the sender address authenticated by DKIM in "d="
It is the selector name set in HENNGE Email DLP in "s="
X-HDEMS-MO-TENANT Header
⑤ There is a corresponding header and the value is "Tenant domain"
※ The tenant domain is included in the URL of the HENNGE Email DLP management console
https://console.mo.hdems.com/#/<Tenant domain>
■ When there are no attached files or no ZIP encryption or URL by Secure Download
Things to Check
Authentication-Results Header
①② "dkim=" is passing
DKIM-Signature Header
③ Please confirm the following two points
It is the domain name of the sender address authenticated by DKIM in "d="
It is the selector name set in HENNGE Email DLP in "s="
X-HDEMS-MO-TENANT Header
④ There is a corresponding header and the value is "Tenant domain"
※ The tenant domain is included in the URL of the HENNGE Email DLP management console
https://console.mo.hdems.com/#/<Tenant domain>
Reference
Add a domain to an existing DKIM