Is DKIM still relevent?

keat63

• April 25, 2017 04:45

Today as a security test on our staff, I decided to spoof an email, to see if they could spot the fake. It seems for what ever reason, i must have previously disabled DKIM/SPF, as worryingly the spoof got through unchallenged. Why is DKIM/SPF not part of the standard exim config, I know we used to use it, so I can only assume I disabled it for a reason. is there an alternative to check the authenticity of a sending address ?

• 

  cPanelMichael

  • April 25, 2017 15:10

  Hello, While setting up the DKIM records is important to ensure remote mail servers can verify those records, you have to enable the following options under the "ACL Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor" if you want SPF/DKIM records verified on incoming email: "Allow DKIM verification for incoming messages" "Reject DKIM failures" As far as additional features, note that you can configure DMARC records for your domain names as of interface (Home >> Domains >> Zone Editor). The system uses DMARC records together with SPF or DKIM records to more easily determine whether an email message originated from the sender. DMARC records also allow you to more easily filter spam and phishing messages. For more information about the DMARC protocol, read documentation.
  Thank you.

  0
• 

  keat63

  • April 26, 2017 07:22

  I previously disabled DKIM as it was tagging legitimate email. Maybe we have some customers who use mail forwarding services or something. So the story goes, that I successfully spoofed a financial transaction, it was so accurate, that worryingly no one in the organisation picked up that it was indeed a spoof. I need to come up with a method whereby DKIM failures are flagged rather than rejected. Would something like CSF MailScanner do this ?

  0
• 

  cPanelMichael

  • April 26, 2017 15:35

  I need to come up with a method whereby DKIM failures are flagged rather than rejected.

  
  Hello, While unsupported, you could enable "Allow DKIM verification for incoming messages" and leave "Reject DKIM failures" disabled if you wanted to setup your own custom Exim configuration that performs another action (e.g. redirect, filter): 57. Support for DKIM (DomainKeys Identified Mail) As far as MailScanner, you'd need to check with their support team to verify what options are available with the application. Thank you.

  0
• 

  keat63

  • April 27, 2017 13:55

  I checked with MailScanner and it doesn't perform what I'd hoped. Today, I had to disable DKIM as it was blocking legitimate email. Our insurance advisor uses outlook.com, but send his emails from hisdomain.com DKIM was rejecting his email.

  0
• 

  cPanelMichael

  • April 27, 2017 14:49

  Hello, While it might not offer the same level of protection for validating individual emails, you may find the Greylisting feature offers some protection from emails sent from non-legitimate mail servers. Per it's description: When enabled, the mail server will temporarily reject any email from a sender the server does not recognize. If the email is legitimate, the originating server will try again after a delay. After sufficient time has elapsed, the server will accept the email. It's documented at: Greylisting - Documentation - cPanel Documentation Thank you.

  0

Please sign in to leave a comment.