Short answer:
Xink can reapply DKIM signatures after processing emails. To enable this, add the required CNAME record to your DNS so Xink can sign messages on behalf of your domain.
Why DKIM is affected
DKIM (DomainKeys Identified Mail) is used by Microsoft 365 to digitally sign outgoing emails.
When using Xink server-side, the email is modified after it leaves Microsoft 365. This breaks the original DKIM signature.
In most cases, Xink removes the original DKIM signature, and Microsoft 365 automatically re-signs the message after it is returned.
However, in some scenarios—such as when emails are sent within the same Microsoft 365 tenant—the DKIM signature may not be re-applied.
Solution: Enable DKIM signing in Xink
Xink ReRouter can apply a new DKIM signature after inserting the email signature. This feature is enabled per domain via DNS.
Add the DNS record
Create the following CNAME record in your public DNS:
Host: xinkrr._domainkey Type: CNAME Value: xinkrr._domainkey.xink.io.
Important: The trailing dot at the end of the value is required.
Do not replace the host or domainkey values—enter them exactly as shown.
Propagation and activation
DNS changes can take up to 72 hours to propagate.
The Xink engine checks for this DNS record regularly and will automatically enable DKIM signing once detected.
Result
Emails processed by Xink will be correctly signed with DKIM, ensuring proper email authentication and improved deliverability.
