DKIM signature in DNS OK, but what when client sends also (legitimate) mail trough other servers ?

Markif

• May 17, 2021 06:12

Hello WHM / CPANEL gives the possibility to generate a DKIM signature and insert it in its own DNS or copy / paste in a third-party DNS. This is OK if the client only sends mail using the WHM server I suppose. But what if that client *also* wants to send (legitimate) mail through another server (often some platforms used in education that send mail "on behalf of" the end user) ? We have already added the IP addresses of the mail servers of these platforms to the SPF record in DNS. But if we activate the DKIM signature proposed by WHM / CPANEL in the DNS of the domain, will the mail that the clients send via another mail server ( not ours) not be rejected by the anti-spam systems? Or is there a way to fix this? Thanks for your help.

• 

  cPRex Jurassic Moderator

  • May 17, 2021 17:38

  Hey there! I haven't personally heard of such a situation. The SPF record is there to define the IP address that can send messages, and you can add multiple IP addresses to those record types. DKIM records are a key that ensures the message isn't altered between the host and recipient, so it is not tied to any specific sender IP address but to the DNS zone itself.

  0
• 

  sparek-3

  • May 17, 2021 18:59

  The sending server would either need the same private key as on the cPanel server to sign the messages with. Or you could generate a second DKIM with a different selector. The other sending server wold sign the message with that private key. You would need to add the public key to the selector in the domain's DNS.

  0

Please sign in to leave a comment.