How to specify a key server in the SRV record

Finding the correct PGP key of an email recipient is a frequent problem for anyone who uses email encryption to communicate securely with others. Some applications are able to determine the correct keys automatically if the appropriate settings are configured in the Domain Name System (DNS).

If you use mailbox Guard with external (non-mailbox.org) email addresses and wish to enable others to access your OpenPGP keys automatically, then you may use our key server. To do so, set the SRV record for your domain. The following procedure is similar to the steps described in more detail in this article: Using e-mails with a custom domain

Create a new entry ("Record") of type SRV. The entry _hkps._tcp.example.com points to the key server at mailbox, i.e., the server that stores the public PGP keys for mailbox. It listens on port 443 at the address pgp.mailbox.org.

DNS record for key server

_hkps._tcp.example.com IN SRV 1 1 443 pgp.mailbox.org.

Replace example.com with your custom domain (see Using e-mails with a custom domain).

Here's the step-by-step procedure using the example of the German provider Hetzner:

  1. Select the correct domain (Zone) for the new entry.
  2. Click Add Record and select the Record Type SRV.
  3. As Hostname, enter the subdomain you want to configure, here _hkps._tcp.example.com. Replace example.com with your custom domain. Usually, your domain will already be configured or is added automatically so you only have to enter the subdomain _hkps._tcp.
  4. Click Configure and enter Priority (1), Weight (1), Port (443) and Destination (pgp.mailbox.org.).
  5. Save the entry by clicking Add.

Please note that different providers will use different input masks for DNS entries. The fields in these dialogues may have different names and require different input formats. Read your provider's documentation on the SRV entries in the DNS or consult your provider's support. mailbox cannot provide any support here.
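
To check the entry after saving it, the following added example (not part of the original article and not a mailbox tool) validates one SRV line in zone-file syntax, such as a line from your provider's zone export, against the values given above. The function name check_hkps_srv and the sample lines are constructed for illustration; it assumes the zone-file rule that a target without a trailing dot is read relative to the zone.

```python
# Added example: validate one zone-file style SRV line for the key server entry.
EXPECTED_TARGET = "pgp.mailbox.org"  # key server named in the article
EXPECTED_PORT = 443                  # port named in the article


def check_hkps_srv(line, domain):
    """Return a list of problems in one SRV line (empty list means OK).

    Accepts 'owner [ttl] [IN] SRV priority weight port target'.
    'domain' is your custom domain, e.g. 'example.com'.
    """
    fields = line.split()
    upper = [f.upper() for f in fields]
    if "SRV" not in upper[1:]:
        return ["not an SRV record"]
    owner = fields[0].rstrip(".").lower()
    rdata = fields[upper.index("SRV", 1) + 1:]
    if len(rdata) != 4 or not all(f.isdigit() for f in rdata[:3]):
        return ["expected: priority weight port target"]
    port, target = int(rdata[2]), rdata[3]

    problems = []
    domain = domain.rstrip(".").lower()
    want_owner = "_hkps._tcp." + domain
    if owner == want_owner + "." + domain:
        # Happens when the full name is typed into a form that
        # already appends the zone automatically (see step 3).
        problems.append("zone name appended twice to the hostname")
    elif owner != want_owner:
        problems.append("hostname is %s, expected %s" % (owner, want_owner))
    if port != EXPECTED_PORT:
        problems.append("port is %d, expected %d" % (port, EXPECTED_PORT))
    if not target.endswith("."):
        problems.append("target lacks trailing dot (read as relative to zone)")
    if target.rstrip(".").lower() != EXPECTED_TARGET:
        problems.append("target is %s, expected %s." % (target, EXPECTED_TARGET))
    return problems


if __name__ == "__main__":
    # Constructed sample lines, not real zone data.
    samples = [
        "_hkps._tcp.example.com IN SRV 1 1 443 pgp.mailbox.org.",
        "_hkps._tcp.example.com.example.com. 3600 IN SRV 1 1 443 pgp.mailbox.org.",
        "_hkps._tcp.example.com IN SRV 1 1 11371 pgp.mailbox.org",
    ]
    for s in samples:
        print(s, "->", check_hkps_srv(s, "example.com") or "OK")
```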