Inbound Filter - DKIM Verification Targets
The DKIM Inspection List (page header: DKIM Verification Targets) lists domains whose mail SGuard must verify against the sender's DKIM signature. Mail from a listed domain that fails DKIM verification is rejected or routed to the Block DKIM mailbox.
Page Layout
The page header reads Inbound Filter - DKIM Verification Targets. The sidebar entry uses the shorter label DKIM Inspection List.
Search Criteria
A two-field search bar:
| Field | Purpose |
|---|---|
| Domain | Free-text input — narrow by the domain being verified |
| Registrant | Free-text input — narrow by who created the rule |
A blue Search button applies the filters.
Action Bar
A counter (for example TOTAL - 0) is followed by:
| Button | Purpose |
|---|---|
| Add | Open the Add DKIM Verification Target dialog |
| Delete | Delete the targets selected by the row checkboxes |
The View 30 dropdown on the right controls page size.
Columns
| Column | Description |
|---|---|
| ☐ | Row selection checkbox |
| No. | Sequential row number |
| Group | Group the verification target applies to |
| Domain | The domain whose mail must pass DKIM verification |
| Registrant | Administrator who added the target |
| Registered Date | Timestamp the target was added |
How DKIM Verification Works
DKIM (DomainKeys Identified Mail) lets a sending domain cryptographically sign its outbound mail. The receiver verifies the signature against a public key published in the sender's DNS. A passing signature proves that:
- The mail genuinely originated from the claimed domain
- The mail body and key headers were not modified in transit
Adding a domain to this list tells SGuard: "Any mail claiming to be from this domain must produce a valid DKIM signature. Reject anything that does not." This is the strongest defense against spoofing for the listed domain.
When to Use
Add a domain to this list when:
- The domain belongs to a high-value sender (your company, key partners, financial institutions)
- The domain has published a DKIM record in DNS — verification is impossible without one
- You have confirmed the domain's mail systems sign every outbound message
Do not add a domain whose mail systems do not sign every message. Mail from forwarders, mailing lists, or older systems frequently arrives without a DKIM signature even when the domain has published a key — listing such domains will reject legitimate mail.
The mail rejected by this rule lands in the Block DKIM mailbox, not the Spam mailbox. Review that mailbox after adding a new target to catch false positives.