DKIM (DomainKeys Identified Mail) protects email integrity by signing a message based on its exact content at the time of sending.
When Crossware applies a server-side signature, the email body is modified. As DKIM relies on the original message content:
- The existing DKIM signature no longer matches the message
- The original DKIM signature becomes invalid and is removed
Crossware does not perform DKIM signing and does not re-sign messages after processing.
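The mismatch described above can be reproduced with the DKIM body hash (the `bh=` tag defined in RFC 6376). The following is an added illustration, not Crossware code; the message bodies and the appended signature block are constructed samples, and the function names are hypothetical.

```python
import base64
import hashlib
import re

def canonicalize_body(body: bytes, mode: str = "relaxed") -> bytes:
    """DKIM body canonicalization (RFC 6376 sections 3.4.3 and 3.4.4)."""
    # Simplification for this example: treat bare LF as a line break too.
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Both modes ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        # An empty body is zero-length in relaxed mode, a single CRLF in simple.
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Value a signer places in the bh= tag (SHA-256, base64)."""
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")

def body_matches(signed_bh: str, received_body: bytes, mode: str = "relaxed") -> bool:
    """The body check a verifier performs before validating the signature."""
    return body_hash(received_body, mode) == signed_bh

# Constructed sample: the body as the sending platform first signed it.
ORIGINAL = b"Hi Sam,\r\n\r\nThe report is attached.\r\n"
# Constructed sample: the same body after a server-side signature is appended.
APPENDED = ORIGINAL + b"\r\n--\r\nAlex Example | Example Ltd\r\n"
# Constructed sample: whitespace-only changes, which relaxed mode tolerates.
RESPACED = b"Hi  Sam, \r\n\r\nThe report is attached.\r\n\r\n\r\n"

if __name__ == "__main__":
    bh = body_hash(ORIGINAL)
    print("bh= at signing time:        ", bh)
    print("unchanged body verifies:    ", body_matches(bh, ORIGINAL))
    print("whitespace-only change:     ", body_matches(bh, RESPACED))
    print("appended signature verifies:", body_matches(bh, APPENDED))
```

Relaxed canonicalization absorbs only whitespace differences; any added content, such as a signature block, changes the hash, which is why the message must be signed again after processing.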
What happens after processing
Once Crossware has applied the signature, the email is returned to your mail service for delivery.
At this stage, your mail platform applies a new DKIM signature before the message is sent externally.
Important notes
- This behaviour only applies to server-side signatures
- DKIM headers are not always present on internal messages
- External messages are re-signed by your email platform after Crossware processing
- Crossware does not use or manage customer DKIM keys
- ARC (Authenticated Received Chain) sealing is not currently supported
DKIM signing is always performed by the final sending service. As Crossware modifies the message before delivery, responsibility for DKIM signing remains with your email platform.
Previously, Crossware recommended using a formula to remove DKIM headers. This is no longer required, as the service now automatically removes these headers during processing.