DKIM is an email authentication technology which uses cryptography to validate that a message was sent by an authorized source. It is a method for associating a domain name with an email message, thereby allowing a person or organization to claim some responsibility for the message. In DKIM, any sending or handling mail agent, either an MTA (Mail Transfer Agent) or an MUA (Mail User Agent), can cryptographically sign mail by adding a DKIM-Signature mail header to the mail item.
The DKIM-Signature header contains a number of fields of which the most important are:
Signer:
Identifies the mail signing source – either the originator of the mail or a delegated third party acting on their behalf.
Coverage:
Describes what parts of the mail item are covered, such as nominated mail headers, the mail body or specific parts of the mail body.
Scope:
Defines the mail signer's scope, i.e., a single email address, mail for the whole domain or some subset of the domain.
Keys Used:
The technology used in DKIM is called public key cryptography. For the purposes of DKIM, there are two keys, called the public key and the private key. The private key is used to sign the message, and it must be kept secret. The public key can only be used to verify the signature, and hence can be widely published. Someone having only the public key cannot create a false signature. A signer simply signs messages using its private key and publishes the public key using DNS.
The Sendout Process with a DKIM Signature
1. The sender's domains are registered with the DNS server. A special encrypted signature is created that makes these domains clearly identifiable.
2. During email sendout, the signature and sender information are embedded in the email header.
3. When an email provider receives an email that contains a DKIM signature, it obtains the key to decipher the signature from the DNS server.
4. If the sender is correctly identified by the DKIM signature, this increases the chances of delivery in the inbox.
5. If the DKIM signature does not match the sender identity, the email is probably marked as spam.
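The header fields and the receiver-side lookup in step 3, as an added example that is not part of the original article. It assumes the RFC 6376 tag names (d=, s=, i=, h=, c=, bh=, b=), which the article does not spell out, and uses a constructed message for example.com with a hypothetical selector mail2024. It checks only the body hash; a full verifier must also check the b= signature against the public key published in DNS, and the l= tag is not handled.

```python
import base64
import hashlib
import re

def parse_tags(header_value):
    """Split a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def canon_body(body, mode):
    """RFC 6376 body canonicalization, 'simple' or 'relaxed'."""
    if mode == "relaxed":  # collapse space/tab runs, strip line-end whitespace
        body = b"\r\n".join(re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
                            for ln in body.split(b"\r\n"))
    while body.endswith(b"\r\n"):  # trailing empty lines are ignored
        body = body[:-2]
    return b"" if (mode == "relaxed" and not body) else body + b"\r\n"

def body_hash(body, mode="simple"):
    """base64(SHA-256(canonicalized body)), the value carried in bh=."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def inspect_signature(header_value, body):
    """Report signer, scope, coverage, key location and whether the body matches bh=."""
    t = parse_tags(header_value)
    if not t.get("a", "").endswith("-sha256"):
        raise ValueError("example handles only *-sha256 algorithms")
    mode = (t.get("c", "simple").split("/") + ["simple"])[1]
    return {
        "signer": t["d"],
        "scope": t.get("i", "@" + t["d"]),
        "covered_headers": t["h"].split(":"),
        "key_dns_name": f"{t['s']}._domainkey.{t['d']}",
        "body_intact": body_hash(body, mode) == t["bh"],
    }

# Constructed sample (example.com, selector mail2024 and b= are placeholders).
BODY = b"Your invoice is attached.\r\n\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=mail2024;\r\n"
          " h=from:to:subject; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")

if __name__ == "__main__":
    print(inspect_signature(HEADER, BODY))
    print(inspect_signature(HEADER, BODY.replace(b"invoice", b"refund"))["body_intact"])
```

The key_dns_name value is the TXT record a receiver queries to fetch the signer's public key.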
Enable DKIM for Domains on a cPanel Server
To enable DKIM for new accounts automatically
Log in to WHM => Tweak Settings and enable the option "Enable DKIM on domains for newly created accounts".
One can add DKIM support for the domain by adding the option "Enable DKIM on this account" in WHM.
Enable DKIM on Existing domains
1. Use the cPanel => Email Authentication section, which offers the ability to create DomainKeys.
2. From the command line, use the following script supplied by cPanel:
# /usr/local/cpanel/bin/dkim_keys_install $use
If you require help, contact SupportPRO Server Admin
