DKIM (DomainKeys Identified Mail) lets your gateway cryptographically sign every outgoing message so that receiving servers can verify the message really comes from your domain and was not altered in transit. Artica Milter signs outbound messages and also verifies inbound DKIM signatures, rewriting the Authentication-Results header accordingly.
example.com before it leaves for the Internet.p=quarantine or p=reject safely.mail2026), publish the new DNS record, then remove the old rule.Open MTA Mail system » Access Control Lists, click New Rule and select DKIM:

The rule appears in the rules list with a DKIM badge:

Like any Artica Milter rule, the DKIM rule needs at least one object to define which messages are in scope — typically your sender domain. See Available objects.
Open the rule and select the Options tab:

| Option | Meaning |
|---|---|
| Domain | The mail domain to sign (the d= tag of the signature). Only messages whose author domain matches are signed. |
| Selector | The DNS selector (the s= tag). The public key is published at <selector>._domainkey.<domain>. |
| Canonicalization | How headers/body are normalized before signing. relaxed/relaxed is the recommended, most tolerant setting. |
| DNS Configuration | Once the key exists, this area shows the exact TXT record to publish in your DNS zone. |
Click Apply. If no private key exists yet for this domain/selector, Artica creates it automatically and stores it under /etc/dkimPKs/<domain>/<selector>.pem.
Copy the TXT record displayed in the DNS Configuration area into your DNS zone:
mail._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkq..."
You can verify the record with:
dig +short TXT mail._domainkey.example.com
Once the record is published, outgoing messages carry a DKIM-Signature: header and receivers report dkim=pass in their Authentication-Results.
For inbound messages, Artica Milter verifies existing DKIM signatures, strips forged Authentication-Results headers claiming your identity, and prepends a fresh Authentication-Results header with the real verification outcome. Downstream filters and mail clients can rely on it.