I have a work project that requires adding DKIM and DMARC. I was familiar with both, but hadn’t actually set them up myself yet. Thankfully, PHPMailer seems to have pretty good DKIM support built-in, as well as an example script to set up the public/private key pair.

I made a couple small changes in that example script. First I set up a full path to where I wanted the PEM files to be saved.

define('KEYFILE_DIR', '/replace/with/full/path/');
$privatekeyfile = KEYFILE_DIR . $selector . '_dkim_private.pem';
$publickeyfile = KEYFILE_DIR . $selector . '_dkim_public.pem';

I wanted the private key to be encrypted with a passphrase, so I changed the export-to-file line to this:

openssl_pkey_export_to_file($pk, $privatekeyfile, $passphrase);

After setting the $domain and $selector variables, running the script created the public and private key files and displayed the information needed to set up the DNS record. The script chunked the public key into 255-character segments because some DNS systems don’t like longer text. In our experience, though, we didn’t need the chunking, so we used the public key with the PEM wrapper removed.

Adding a few lines of DKIM configuration (from another of their example scripts) was all I needed to include DKIM Signature header with each message. I tested with a message sent to a Gmail address and it showed it was signed by the domain. Viewing the full email headers, I could also see dkim=pass in a couple places. I also used the Google MessageHeader tool to paste in the full email headers and it confirmed DKIM passed.