Pages

DomainKeys and DKIM in Plesk and cPanel

 

DomainKeys and DKIM can help you to increase the reputation of your e-mail server and preventing others to manipulate or fake your e-mails. In this tutorial, we want to show you how you can activate this feature in cPanel and Plesk. Firstly, we have to clarify that Plesk allows you to activate DomainKeys in the web interface and that cPanel is using the newer version called DKIM. Those are both quite similar in many points, but we will use those terms separately. All the images in this tutorial can be shown in a bigger version with all the details, by clicking on them. We will often use the example domain “yourdomain.com”. It has to replaced with your own one, whenever it appears.

DKIM in cPanel

After you logged into your cPanel account, please search for “Email Deliverability” in the search bar. After opening the matching tool, you might see that a p with DKIM and SPF at some of your listed domains. In this case, please click on the “Manage” button in the line of the required sending domain. The opening site should now look like this, possibly with an error message that your system does not control the DNS server:

If you have your own server with cPanel and you are using it as a name server, the configuration of DKIM might be finished already. In that case, the status of your DKIM configuration is not “PROBLEMS EXIST”, as shown in the image above. It is then already shown as “VALID”. If problems exist, please click on “INSTALL THE REQUESTED RECORD”. Afterwards, DKIM is shown as valid.

If you are not using your cPanel as nameserver, as it is always the case when using our Webspace,  you will have to manually transfer the record to the DNS zone on the responsible DNS server for your domain. Please log into the web interface of your domain registrar and add  a TXT record for the subdomain “default._domainkey.yourdomain.com”. “your domain.com” has to be replaced with your own domain. The data part of the record has to be filled with the character string you see next to “Value” in cPanel. It begins with: “v=DKIM1…”. If you are using our Contabo nameservers for your domain, please log into the Customer Control Panel, navigate to: DNS Zone Management and edit your domain. Please fill in the fields below “create a new entry” like in the following example:

newnew

When you now reload the tool “Email Deliverability” in cPanel and click on “Manage” next to your domain again, the following should be shown:

If you can see the same message, DKIM has been activated successfully!

If there is still an error shown, you should recheck all the points so far. Are you using the nameservers from Contabo or different ones? Did you create the records properly? If you have any questions, you can ask our support. We are reachable over the e-mail address support@contabo.com. It would be a pleasure to help you in this matter!

Regarding the SPF errors that might be shown below the DKIM section, please ignore those messages and check the SPF section in our other tutorial: Link

DomainKeys in Plesk

Please search in the search bar for: “Mail Server settings” and open the tool. At the point : “DomainKeys spam protection”, please check the Box “Allow signing outgoing mail”. Afterwards, you have to change to the “Mail Settings” of your domain and activate “Use DomainKeys spam protection system to sign outgoing email messages ” there, like in the following screenshot:

newnewnew

Then you can open the “DNS Settings” for the affected Domain. An additional TXT entry for the subdomain: “default._domainkey.yourdomain.com” should have appeared.

neeeeew

If it is missing, please repeat all the steps so far, but firstly delete the tick at “Allow signing outgoing mail” in the Mail Server Settings and set it again after saving. If you are using your Plesk as nameserver, the configuration should be finished now. You should now test the configuration. More about this step in the later point: How to test DomainKeys and DKIM.

If you are using other nameservers for your domain, for example the ones provided by Contabo, you have to copy the data part completely and add an identical record in the zone there. To do so, please log into the Customer Control Panel of Contabo, go to the DNS Zone Management and edit the Domain. Please add, like in the following example, a TXT record for the subdomain “default._domainkey.yourdomain.com” with the data part generated by Plesk.

finnew

As you can see in the picture, a second record has to be added. This one defines the policy, that every e-mail has to have a DomainKeys signature. Please add the subdomain “_domainkes.yourdomain.com” with the TXT record: “o=-“. With this last step, the configuration of DomainKeys has been finished. To ensure that everything is working perfectly, you should do a test now!

 How to test DomainKeys and DKIM

A good way to test a DKIM or DomainKey configuration, is the DKIMValidator.

After opening the site, you can see a randomly generated e-mail address. Please write an e-mail from your server to this address and, after a few seconds of waiting, open the analysis report with the button “view results”. With Strg + F, you can search the site, which gives you a lot information. To check if DomainKeys and DKIM are working, search for: “result =”. If it reads “pass”, everything is working fine. If there is a “fail” you should start a search for the cause. If you are stuck at some point, you can contact us anytime under the e-mail address support@contabo.com. Our team of experts will stand by your side to get it working!

Source: https://contabo.com/blog/domainkeys-dkim/

1 comments:

  1. Great explanation of DomainKeys and DKIM! For developers, using FiraCode can really enhance the coding experience while setting up these security features in Plesk and cPanel.

    ReplyDelete