Each private key is stored as a text file in the main or home directory of LISTSERV (that is, the directory where the *.list files are) and must be named xxx.dkim, where xxx is the arbitrary name you choose to give the key. If you only use one key, it is recommended to name it default.dkim.

The file is created in the usual openssl/RSA format, with one minor modification. Here is an example:

The first line in the file must include a specification for the 'd=' and 's=' parameters of the DKIM signature (in whatever order, as long as they are both there). Per the controlling Internet Draft for DKIM, these variables specify the domain for which you are signing ("d=") and the "selector" that is used to form the query for the public key ("s="). For instance, let's say that your public key is registered as follows in the DNS:

The domain would then be d=example.com, and the selector would be s=brisbane.

Please see Using LISTSERV with DKIM for more information.

Note: We strongly recommend the use of the "t=y" test flag when you are first trying out DKIM. Otherwise a simple mistake in your DKIM configuration could cause verification failure for mail coming from your domain, and other sites that have implemented DKIM will reject your mail.

Then add a DKIM_SIGN variable containing a space-separated list of domains that you are able and willing to sign for. You can use wildcards, but only of the form '*.EXAMPLE.COM'. You can't use, for instance, 'SALES.EXAMPLE.*'. For each entry in the list, specify the key to be used, as follows:

By default, the key called DEFAULT is used (if one exists). So in the sample above, the key for EXAMPLE.COM will be fetched from DEFAULT.DKIM, whereas the key for EXAMPLE.CA will come out of CA.DKIM.