We would like to change our DMARC policy to reject any messages that are not using our DKIM signature to prevent others from using our domain in phishing schemes. Since Luminate Online generates their own DKIM signature, this would cause our emails sent from Luminate to be rejected by Email Service Providers that pay special attention to DMARC authentication. Can we obtain a unique DKIM signature from Blackbaud so we can publish that in our DNS server?
Blackbaud's IT department can generate a DKIM signature and sign Luminate Online emails with it, at which point your DNS host would need to publish the same signature. Please contact Support and provide this article number and the domain that you would like to be DKIM/DMARC signed. Luminate support will provide you with the public key to be published in the DNS server for your domain. Blackbaud can generate multiple DKIM signatures if you will be sending from multiple domains. You will need to provide Blackbaud with a list of the domains you would like DKIM signatures generated, and then you will need to have your DNS host publish the signature for each domain. An important thing to note about this process is that it will not increase your deliverability with email service providers. This process is intended to give clients the option of using a strict DMARC policy. With that being said, this process is intended to accomplish security goals, not to increase deliverability.
Note: Luminate support can not assist with the implementation of DKIM for your DNS server. We will provide you with the DKIM signature, but it is your DNS host who is responsible for publishing it.
Warning: Please leave your DMARC policy set to 'none' until the implementation is completely finished and properly verified in tests. Support will advise you on when you are okay to change your policy.