Welcome to the mailbox.org user forum!

DKIM and DMARK for a personal domain

1935970 shared this question 2 months ago
Need Answer

Hi everyone,

I succesfully configured my personal domain, with SPF working correctly.

Checked with mail-tester.com and it gives an high score, so probably it will never end to the spam folder.

But I've also tried to send to a gmail address and, unfortunately, it will end in the spam folder.

Then I found the DKIM and DMARC debate and other users talking in this forum.

There's also a video of Peer Heinlein explaining this https://www.heinlein-support.de/sites/default/files/SPF_DKIM_Greylisting_CLT-2011.mp4

But German it's not my native language, so even translating something I can't understand everything.

Finally found in the knowledge base some info about DKIM and it says is only available for business users.

With a personal domain is not possible to get DKIM and DMARC? I'm a freelance anyway , don't own a business.

Comments (7)


The blog post released a week or so ago mentioned DKIM will be coming to non-business custom domain owners in the upcoming weeks. Check out the blog for more details. I believe the blog date was 11/14 or 11/15


Thanks for your reply!

I didn't read the last blog post till the end. Yes, it says in a few weeks. So we have to wait for more info.


I second this issue about DKIM signature.

As my email is reported by https://haveibeenpwned.com and my laptop was hacked a year ago, I have become very concerned about security. This is why I chose to register mailbox.org and delegate my MX.

So please choose to sign DKIM in strict mode, otherwize it has no or little effect.


I received DMARC reports from dmartian indicating that someone is using my domain to send emails. So I added this issue in support #732 asking for DKIM for my domain. If you could help this would be nice.


I've done a little bit of research on DKIM, SPF and DMARC and found that the best solution for me is to generate the keys by yourself.

First, install openssl on your machine. It's available for every GNU/Linux distro and Windows I think.

In a terminal put this strings:

  1. openssl genrsa -out private.key 1024
  2. openssl rsa -in private.key -pubout -out public.key

If you want a 2048 bit key change "1024" with "2048".

With a TXT record you have to add:
dkim._domainkey as a host name (change "dkim" with everything you want e.g. "default, key1" etc).
in the value part v=DKIM1; k=rsa; p=your/generated/key

The SPF it's easy and reported in the support section of mailbox.org site, just add in a TXT record:

  • v=spf1 include:mailbox.org and leave the host empty.

DMARC it's just a string, you don't have to generate nothing, again in a TXT record put:

  • _dmarc in the host part
  • v=DMARC1; p=none; rua=mailto:youraddress@yourdomain.TLD

(You can create an alias just for DMARC like reports-dmarc@yourdmain.TLD)

Hope this helps you.


Do you put the public or private key in de TXT record? Where do you place the other key?


Public key in the TXT record.

Keys should be located here I think: /etc/opendkim/keys.

But it's not working in our scenario, because we don't have backend access to mailbox.org servers.

So, the previous post was wrong, unless you have your own server or a cloud VPS and running Postfix, Dovecot etc by yourself.