DKIM Signature Alignment issue for emails relayed through the server

CJRB

• April 12, 2023 15:47

I'm going to try to explain the issue that we are experiencing and maybe someone had similar issue and have properly configured Zone entries. We have 2 domains (examples): 1. sharedhosting.com - This domain is hosted on a shared hosting where we have our main website and ticketing system (osTicket) hosted. Cpanel user access only. 2. dedicatedserver.com - This domain is hosted on our dedicated server with WHM/Cpanel access and is used for our web application. Since our emails from sharedhosting.com would end up in JUNK or SPAM folder because our account would use shared mail server we decided to send emails from our dedicatedserver.com as it has good reputation. We created smtp@dedicatedserver.com email address and configured our ticketing system to send emails through that account with authentication with the FROM header "hello@sharedhosting.com". We configured SPF records on dedicatedserver.com to include sharedhosting.com. osTicket (hello@sharedhosting.com) --> DedicatedServer.com (via smtp@dedicatedserver.com) ---> Recepient Recepient reply ---> hello@sharedhosting.com (on sharedhosting.com) Upon checking email deliverability on MXTools.com the only issue that came up was error for: DKIM Signature Alignment "DKIM Alignment hinges the domain in your "FROM" header matching the domain used in the DKIM signature (d=domain.com). This uses a relaxed format by default which means that a sub-domain would align as well. If this value is changed to strict in your DMARC record then the domain must match exactly. If there are multiple DKIM signatures, only one of them must align for DKIM alignment to be valid." From my understanding we need to add one more DKIM for our sharedhosting.com domain to our dedcatedserver.com so that it will email both DKIM signatures so that emails sent with FROM header "hello@sharedhosting.com" would not trigger that error. Is there a way to add DKIM signature and should we copy the signature that is set on sharedhosting.com or create a new one? Any help with this issue is greatly appreciated and hopefully will help other users. Thanks

• 

  cPRex Jurassic Moderator

  • April 13, 2023 16:40

  Hey there! If I'm understanding this correctly, you'd want to copy over the record from the sharedhosting.com DNS zone. Can you try that and see if that gets things working how you expect?

  0
• 

  CJRB

  • April 14, 2023 17:06

  Hey there! If I'm understanding this correctly, you'd want to copy over the record from the sharedhosting.com DNS zone. Can you try that and see if that gets things working how you expect?

  
  Yeah, I'm trying to figure out where to copy those records in cPanel account properly. So there is default DKIM record on "sharedhosting.com" under default._domainkey.sharedhosting.com. So I tried to duplicate that record under Zone Editor on dedicatedserver.com as s1._domainkey.dedicatedserver.com but it doesn't seem to add that DKIM it only sets "default" DKIM 0_o. I'm not sure whether I'm addigin it correctly under s1 domain key or I should add it under different domainkey. I also have access to WHM - so maybe there is setting to embed additional key beside default key?

  0
• 

  cPRex Jurassic Moderator

  • April 14, 2023 18:02

  Unfortunately there isn't a way to add anything other than the default key:

  0
• 

  michalmak

  • October 12, 2023 01:00

  Yeah, I'm trying to figure out where to copy those records in cPanel account properly. So there is default DKIM record on "sharedhosting.com" under default._domainkey.sharedhosting.com. So I tried to duplicate that record under Zone Editor on dedicatedserver.com as s1._domainkey.dedicatedserver.com but it doesn't seem to add that DKIM it only sets "default" DKIM 0_o. I'm not sure whether I'm addigin it correctly under s1 domain key or I should add it under different domainkey. I also have access to WHM - so maybe there is setting to embed additional key beside default key?

  
  Hey fellow Canuck! Did you ever figure this out. I'm having the exact same problem. No matter what I try I still get the alignment error. Any help/direction really appreciated. Thanks...and I apologize for reviving the old thread.

  0
• 

  CJRB

  • October 12, 2023 18:04

  Hey fellow Canuck! Did you ever figure this out. I'm having the exact same problem. No matter what I try I still get the alignment error. Any help/direction really appreciated. Thanks...and I apologize for reviving the old thread.

  
  Greetings! After extensive research it seems that there is no way to do it directly from CPanel or WHM. I found that someboday was able to do it at the OS level, manually changing config files, however those files would be overwritten when CPanel updates - so I don't think it was viable solution. The only solution that I found to be somewhat working is using Amazon Simple Email Service as it has ability to set custom DKIM after you verify and set DNS records on your main (sharedhosting) server. The reason I'm saying it is somewhat working is that there is no issue with DKIM alignment error, however some emails end up in the spam folder even if you are using Amazon Premium IP Pool. I think some of email services like Outlook see if emails come from Amazon (SES) and mark it as Spam as Amazon SES is used for mass emailing services. If you will find other solution, please post it here, I think it would be usefull to other people who are in the search for resolving DKIM alignment issue.

  0

Please sign in to leave a comment.