Skip to main content

How to specify a key server in the SRV record

Finding the correct PGP key of an e-mail recipient is a frequent problem for anyone who uses e-mail encryption to communicate securely with others. Certain software applications will be able to determine the right keys to use automatically, but only if the "HKPS-SRV" record for the e-mail domain was configured correctly in the Domain Name System (DNS) beforehand.

If you use mailbox.org Guard with external (non-mailbox.org) e-mail addresses and wish to enable others to access your OpenPGP keys automatically, then you may set the "SRV" record accordingly to use our key server for your domain. The following procedure is similar to the steps described in more detail in this article: SPF, DKIM, and DMARC: How to improve spam reputation and avoid bounces

mailbox.org offers this feature out of the box and it also works for those who use our e-mail service together with a custom domain name. However, in the latter case a particular DNS setting must be made first, so that clients know which server to adress. Furthermore, Guard needs to be set up correctly.

In the syntax of DNS protocol a valid configuration will look like:

_hkps._tcp.example.com IN SRV 1 1 443 pgp.mailbox.org.

example.com has to be replaced by your custom domain.

With most providers, you can simply add these entries with four simple steps:

  1. Select the correct Domain ("Zone") for the entry you intend to configure.
  2. Click on "Add Record" once more and select the Record Type "SRV".
  3. As "Hostname*"enter the subdomain which you want to configure, here _hkps._tcp.example.com. Usually, your domain will already be configured or is added automatically.
  4. Click on "Configure" and enter Priority ("1"), Weight ("1") , Port (443) and Destination (pgp.mailbox.org.).
  5. Save the entry by clicking on "Add".

This is the procedure that works for example at the german provider Hetzner. Before saving the configuration, you need to replace "example.com" in the line shown above with your own e-mail domain name, which you must have previously set up for use with mailbox.org.

Provider:

Please note that different providers will use different input masks for DNS entries. The fields in these dialogues will have varying names and require different input formats. Read your provider's documentation on the SRV entries in the DNS or consult your provider's support. mailbox.org cannot provide any support here.