DKIM signing without filtering
For a website account I want to have the smtp server sign outgoing mail with DKIM, but I don't not want the server to filter incoming messages. Does anybody here know if this is possible with cPanel?
If I look under "Email Authentication" in cPanel it says "DKIM allows your server to verify incoming email and prevent incoming spam messages. This feature ensures that incoming messages are unmodified and are genuinely from the indicated sender." This would seem to indicate that this function enables the filtering of incoming messages, that I do not want. But if I try to enable the function it checks if the server is authoritative and shows a dns record to configure, which would indicate that this is the signing, that I do want (there would be no need to set up a new dns record, if I was just doing filtering). So is this function ("DKIM" under "Email Authentication") controlling filtering (so the text is simply wrong) or signing? or both (and if so, are there any way of only enabling one of them)?
-
Hello, The DKIM option under "Email Authentication" in cPanel only applies to outgoing email. The DKIM verification for incoming email is available in the "Exim Configuration Manager" within WHM. Thank you. 0 -
Thanks a lot for your reply. But isn't the text on the screen and the help saying the complete opposite? Would it be possible for you to open an issue a have the text fixed, as you are a staff member? It somehow seems wrong just to ignore such a bug and as a mere user I don't have a service account. 0 -
Hello, The current message in Paper Lantern is: DKIM is a means of verifying incoming email. It ensures that incoming messages are unmodified and are from the sender from whom they claim to be. This feature works to prevent incoming spam messages.
It's designed to explain what exactly DKIM is, but I do see your point that it can be confusing due to the option that's available in Web Host Manager. Is there any particular line of text you would prefer to see, or just an overall notice that enabling it will only affect outgoing email? Thank you.0 -
I assume Paper Lantem is a version name. I should perhaps have mentioned that the one I look at is version 11.48.3. But the messages seem to have the same problem. I think there is two parts to DKIM, signing and verification. So I think I would change the header from "DKIM" to "DKIM signing" and the quoted text to something like "Adding a DKIM signature to your outgoing messages allows receiving servers to verify, that incoming messages are unmodified and are from the sender from whom they claim to be from. This may reduce the chance that your legitimate messages are treated as spam by the receivers server. (To setup filtering of incoming messages on this server go to "Exim Configuration Manager")" Does that make sense? I think that would have lessened my confusion. It should of course be checked that that is actually what the functionality does :) I can't find the Exim Configuration Manager, but that may be a licensing issue I guess. The "SPF"-section should probably have similar changes applied (e.g. "This feature prevents outgoing spam messages" gives the wrong impression, because if the spam messages are outgoing from your server adding a SPF-record won't change anything about that, but it will allow recipients to filter incoming spam coming from other servers). To help delivery it seem that a DMARC functionality should also be added. Thanks for your help. 0 -
I had forgotten about the dns part. But saying adding "and authorizing the key using a DNS-record" before "allows receiving servers to verify" perhaps makes it a bit long. 0
Please sign in to leave a comment.
Comments
6 comments