Webmaster Resources – DKIM keys, DNS Resource Record

STOP! Are you sure you need DomainKeys Identified Mail (DKIM)?

Consider these points:
  • cPanel/WHM
    In cPanel, you can enable DKIM support. Once enabled, you do not need to digitally sign any emails you send out if you are using the outbound mail services of your web account.
    - Log in to cPanel in the normal way and click on 'E-Mail Authentication'.
    - Click enable for DomainKeys and SPF.
    - cPanel will generate the entries and update your DNS all at the same time.
    * The changes will take effect almost immediately.
  • Plesk (8.6 and up)
    In Plesk, you can enable DKIM support. Once enabled, you do not need to digitally sign any emails you send out if you are using the outbound mail services of your web account.
    - Select the domain, then click the "Mail" icon.
    - Click on the "Preferences" icon.
    - Enable "Use DomainKeys spam protection...".
    - Click the "DNS Settings" button under "Services".
    - Click the "Add Record" button located under the "Tools" section.
    - Choose "TXT" from the dropdown.
    - Enter the details to match what you see on your screen in the following screens.
  • Sendmail
    If you are manually configuring your server (without an automated control panel like cPanel), Sendmail.org have a DKIM-Milter available.
    Once configured and enabled, you do not need to digitally sign any emails you send out if you are using the outbound mail services of your web account.
  • Postfix
    If you are manually configuring your server (without an automated control panel like cPanel), Postfix.org have a DKIM-Milter available.
    Once configured and enabled, you do not need to digitally sign any emails you send out if you are using the outbound mail services of your web account.
  • Qmail
    A DKIM support patch is available here. Once configured and enabled, you do not need to digitally sign any emails you send out if you are using the outbound mail services of your web account.
Third-party DKIM digital signing
This section refers to domain owners contracting third-party suppliers to send out email campaigns on their behalf. Typically, these campaigns are sent from the third-party supplier's servers identifying the paths and IP addresses of the third-party provider.
Third-party suppliers will need to do several things:
  1. Generate a DKIM Public Key
  2. Generate a DKIM Private Key
  3. Supply the domain owner with the DNS resource record to add to the domain's DNS Zone record
  4. Digitally sign all outbound emails on behalf of the domain owner
Note: if the third-party supplier uses the outbound email servers of the domain owner, no digital signing is required.
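
For step 3 above, an added Python example (not code from this page or from any supplier) that turns a PEM public key into the TXT resource record the domain owner publishes, then checks the result the way a verifier reads it. The selector `mail2024`, the domain `example.com`, the TTL and the stand-in key bytes are assumptions constructed for the example.

```python
import base64
import re

def pem_to_p_tag(pem: str) -> str:
    """Strip the PEM armor from a public key; return bare base64 for the p= tag."""
    lines = (line.strip() for line in pem.splitlines())
    body = "".join(line for line in lines if not line.startswith("-----"))
    base64.b64decode(body, validate=True)  # raises binascii.Error on stray characters
    return body

def dkim_txt_record(selector: str, domain: str, pem: str, ttl: int = 3600) -> str:
    """Build the zone-file line published at <selector>._domainkey.<domain>."""
    value = f"v=DKIM1; k=rsa; p={pem_to_p_tag(pem)}"
    # A single TXT character-string holds at most 255 bytes (RFC 1035), so a
    # 2048-bit key is split into several quoted strings that verifiers rejoin.
    chunks = [value[i:i + 255] for i in range(0, len(value), 255)]
    rdata = " ".join(f'"{chunk}"' for chunk in chunks)
    return f"{selector}._domainkey.{domain}. {ttl} IN TXT ( {rdata} )"

def check_record(record: str) -> list:
    """Rejoin the quoted strings as a verifier would and list any problems."""
    value = "".join(re.findall(r'"([^"]*)"', record))
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    problems = []
    if tags.get("v") != "DKIM1":
        problems.append("missing or wrong v= tag")
    if not tags.get("p"):
        problems.append("empty p= tag (RFC 6376 treats this as a revoked key)")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return problems

# Constructed stand-in bytes, NOT a real key: 294 bytes is the DER length of a
# 2048-bit RSA public key, so the record has a realistic size.
FAKE_DER = bytes(range(256)) + bytes(38)
_b64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    # Hypothetical selector and domain, chosen for the example.
    record = dkim_txt_record("mail2024", "example.com", SAMPLE_PEM)
    print(record)
    print(check_record(record) or "record OK")
```

Only the public key goes into DNS; the private key from step 2 stays on the supplier's signing servers.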

Summary
If you are using the outbound mail services of a mail server that already has DomainKeys installed, you do not need to digitally sign your emails.

Specifically for PHP mail() users: if DomainKeys is enabled and properly set up in your DNS Zone Record, and you use an email address for Return-path, Reply-to, and From that is consistent with the domain, you do not need to digitally sign your emails using PHPMailer.
