I think that SmarterMail has only DKIM settings by Domain.

So, at the moment, you can't setup a "universal" DKIM

Using api is easy to do.  I created a simple script which, in addition to creating a universal DKIM on the chosen domain, also creates standard aliases (postmaster, admin, superuser)

Great, Sabatino! I never tought of using API to do this!

It appears you are using SmarterMail (configured as an Outbound Gateway) to perform DKIM signing on behalf of some non-SmarterMail servers that cannot do DKIM signing themselves.   I don't think SmarterMail Free can solve this problem for you.   SmarterMail Free only allows one domain, so you cannot configure DKIM signatures for multiple domains because you cannot configure multiple domains.  You couild configure one SM Free outbound gateway for each source domain, or you could buy the paid version.   But I don't know if SmarterMail will add DKIM signatures to a message that is merely passing through it.

If you have a mail-generating application that logs onto SmarterMail Free as a user account within the Free domain, then SmarterMail can be configured to allow any value for the message's From address, and a DKIM signature could be added for the Free domain.  This would not make the message DMARC compliant, but it would ensure that the message had an SMTP MailFrom address and a DKIM signature for the MailFrom domain.

Hi @Douglas,

So it sounds like whoever wants to pass messages through the SM server will need to use a domain that's already configured in SM or SM will not add a DKIM signature?

We don't want to have to touch our users' (non-SM senders) DNS as most of them are non-technical. So if they want to send from companyA.com for example through SM, ideally all they need is our SMTP credentials and we will add a default DKIM signature and rewrite their MailFrom so both DKIM and SPF can pass.

Can what @Sabatino mentioned above achieve this?

If the message has a From address of userA@companyA.com and an SMTP MailFrom address of userB@CompanyB.com, you might be able to get SmarterMail to add a signature for CompanyB.com.   Some evaluators may consider this useful information, but there is no specific guidance for why this might be interesting.

To be useful for DMARC, messages with a From address of userA@companyA.com need a DKIM signature for CompanyA.com.  This can only be accomplished by publishing a public key in the DNS structure of CompanyA.com.   A CNAME entry could be redirect the lookup to your domain for simplified administration, but you have to publish something in the CompanyA.com DNS structure

Why would I want a DKIM signature for the MailFrom if DKIM is meant to authenticate the visible From?