If you send mail outbound through Pobox (using webmail or smtp.pobox.com) from your personal domain, we sign your message with 2 DKIM keys: our own key, and a key we generate for your domain.
If we handle DNS for your domain, we automatically publish this public key — you don't need to do anything to take advantage of the benefits of a DKIM-signed message.
If you handle your own DNS for your domain, you need to publish the public key yourself to receive the benefit. Please go to your MyPobox page to see the DKIM public key for your personal domain and the subdomain you should publish it in a TXT record for. As each domain name service provider has slightly different instructions, we encourage you to contact your DNS provider if you are unsure how to set this record up. If you are unsure who your DNS provider is, please feel free to contact us.
DKIM is an email authentication standard that allows us to sign email you send with a particular domain. It's also used by the receivers of the email to confirm that the email was signed by that domain and hasn’t been altered. All email sent by Pobox is DKIM signed.
In the original design of DKIM, the domain that signed the email had no particular relationship to the domain in the
From address of the email. This was particularly useful for large email providers like us. We have 10,000′s of domains, but would sign all email with just our "generic" domain.
However, this is now changing. Standards like DMARC explicitly link the domain of the email address in the
From header to the DKIM signing domain. Also Gmail shows any email sent with a
From domain that’s different to the DKIM signing domain with an extra "via pobox.com" notice next to the sender name.
It is best for email sent from your custom domain to be signed by that domain. If you host your DNS with Pobox, then we handle this automatically for you. If you only point your MX records at us, you will have to manually set your DKIM records.