Add support for DKIM ("DomainKeys Identified Mail")

[mykkal]

Hey guys... I found an article that says yahoo only checks domain keys and not DKIM.

If this is still true we would probably need Domain Keys and DKIM. Anyone disagree?

Read the article here: Domain Keys vs DKIM

[mykkal]

Hey guys... I found an article that says yahoo only checks domain keys and not DKIM...<---- Incorrect

This article states that yahoo does check for DKIM. In fact Yahoo! recommends the specification. with that knowledge in mind... I think cpanel should forgo domain keys unless it wants to offer all three services (huge selling point)... Since DKIM is based on domain keys and yahoo isn't mentioning domain keys in its recommendations I personally tihnk Domain Keys will soon be deprecated.

Yahoo's Stated Best Practices (Including DKIM now and NOT Domain Keys)
What are some best practices when sending to Yahoo! Mail? | Yahoo! Postmaster Help

[mykkal]

please note 4.72 is released now.

[mykkal]

The more I research this topic I can see that CPANEL hasn't really spent any time researching or trying to technically understand the technology behind DKIM or Domain Keys. Thats quite sad really... They have no idea what a critical juncture many bulk mailers are at.

AOL's Postmaster doesn't support Domain Keys or SPF which leaves us with DKIM as the only authentication option.

So that's one major network (Excite, Netscape, & Lycos are under them as well) that bulk mailers using cpanel 11.25 can't authenticate too. Of course we could install Exim 4.72 but cpanel tells us that installing that verison would void and warranty or technical support I currently have for my entire system. That leaves us many versions of Exim behind and extremely vulnerable to spammers, spoofing, and many security enhancements. The internet is becoming a more difficult place without these solutions and we need to have the option to authenticate before ISPs and governments force us to use the technology or cut off our ability to communicate.

What really sucks...if you look at it from my point of view is that I'm a bulk mailer using CPANEL 11.25.0 and the platform is 'technically' holding me back. I really don't understand it. A few years ago CPANEL was on the cutting edge of email authentication..now their customers are 1 1/2 years behind. PhpMyAdmin and MYSQL plus other critical services are updated all the time.

AOL Postmaster | Postmaster / Domain Keys Identified Mail (DKIM)

Taken from the AOL Postmaster's website stating their authentication processes:

What is DKIM?
Domain Keys Identified Mail is an email authentication standard. It uses a public/private encrypted key approach to authenticate the domain responsible for an email.

Is your signature validation compliant with the DKIM standard (RFC 4871)?
Yes. We have also passed the DKIM validation tests that were done at the October 2007 DKIM Interoperability event in Texas.

Do you support other sender authentication mechanisms?
We do not currently authenticate inbound email by any other mechanism. We will continue to evaluate other authentication technologies and adopt any that prove beneficial.

Hope you guys don't mind. Just trying to motivate CPANEL to see how urgent this really is.

[ts77]

Yes, getting rid of domainkeys to have DKIM support would be fully acceptable!

[cPanelDon]

please note 4.72 is released now.

That is correct; Exim version 4.72 was released June 3rd, 2010, at which time a new internal case was opened to track information related to this latest version.

If DKIM and Exim version series 4.7x are of interest to your business and or hosting needs I recommend voicing your support and sharing your unique suggestions for implementation by posting in the following feature request: Exim v4.7x implementation and DKIM - cPanel Forums

If more people express interest and share their individual ideas in the aforementioned feature request thread then the chances for implementation will be greatly increased; as the feature request grows in popularity this should also increase the likelihood that it may be implemented sooner rather than later.

[cPanelDon]

A number of older threads regarding the same topic of discussion, surrounding DKIM and or its prerequisite of Exim v4.7x, have been merged to better organize posted information regarding this feature request.

As a reminder, the original Bugzilla enhancement request entry for DKIM should not be used as our Bugzilla site has been deprecated in favor of ticket-based issue tracking and forum-based tracking of feature and enhancement requests; all constructive feedback regarding the requested implementation of DKIM, with its prerequisite of Exim v4.7x, should be posted within this feature request thread, including voicing your support for or against specific implementation ideas and your preferences for how DKIM should be used, such as detailing any desired differences that you would like to see when compared to the existing support of DomainKeys.

We very much appreciate everyone's individual contributions to the newly-combined thread thus far and we look forward to continued discussion as more people express ideas; as a direct result, it is your unique input that helps drive further progression of this feature request and helps to firmly shape the considered ideas for preferred implementation.

[mykkal]

Since AOL's postmaster confirmed that AOL does not verify the original Domain Keys Specification or SPF I wanted to post an example so that folks can see that it doesn't work. This is a 'test' email account on AOL's aim.com domain that I use to test delivery to all of AOL's networks.

If you look below you can see that AOL sees the domain keys signature in the header but does not verify it as a "pass". Also the SPF pass header is missing because the name server has not been queried by AOL.

This means both of CPANE'Ls currently implemented authentication procedures are now obsoleted for their ENTIRE user base I'm confident that they will fix this soon. But yes this is certified proof that DKIM is the new authentication procedure we must have.

Sender ID might be nice too
************************************************

Code:

X-AOL-UID: 3675.59069304
X-AOL-DATE: Sun, 20 Jun 2010 11:09:20 PM Eastern Daylight Time
Return-Path: <atlantafashionweek@mymodeltalk.com>
Received: from mtain-de05.r1000.mx.aol.com (mtain-de05.r1000.mx.aol.com [172.29.64.205]) by air-db05.mail.aol.com (v129.4) with ESMTP id MAILINDB054-86994c1ed7e060; Sun, 20 Jun 2010 23:09:20 -0400
Received: from mail4.mymodeltalk.com (mymodeltalk.com [72.232.253.244])
	by mtain-de05.r1000.mx.aol.com (Internet Inbound) with ESMTP id CDA4138000083
	for <mikemikey24@aim.com>; Sun, 20 Jun 2010 23:09:15 -0400 (EDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=mymodeltalk.com;
	h=Received:From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language:X-Source:X-Source-Args:X-Source-Dir;
	b=TDd0DqRzhJ8oK+qJOyHwshHZv23t/ZXLfKus4obHlRZEL7IllOvNbPsavJE0gA6qdStCMe/YV+O4X2+msHg7+1HnJLwAdYTUIawdGnrGnMG3sKnu81bnOsa7iGqdHgBp;
Received: from 75-94-194-58.gar.clearwire-wmx.net ([75.94.194.58] helo=mrmckoyPC)
	by mail4.mymodeltalk.com with esmtpa (Exim 4.69)
	(envelope-from <atlantafashionweek@mymodeltalk.com>)
	id 1OQXNq-0001pR-Vj
	for mikemikey24@aim.com; Sun, 20 Jun 2010 23:08:51 -0400
From: "Haute.Lanta Fashion Week - MyModelTalk Castings" <atlantafashionweek@mymodeltalk.com>
To: <mikemikey24@aim.com>
Subject: test email
Date: Sun, 20 Jun 2010 23:09:05 -0400
Message-ID: <049b01cb10ef$1d506fb0$57f14f10$@com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_049C_01CB10CD.963ECFB0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcsQ7xs2lKlYgNO1TNeQkbdr3EBuRw==
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - mail4.mymodeltalk.com
X-AntiAbuse: Original Domain - aim.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mymodeltalk.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
x-aol-global-disposition: S
x-aol-sid: 3039ac1d40cd4c1ed7db06b1
X-AOL-IP: 72.232.253.244

[mykkal]

The ability to verify DKIM would be an awesome feature all CPANEL/WHM customers. Then we can cut the amount of spam that we accept into our internal networks without the aid of spam filters which we all know do not get it all. Especially zero day spam (Thats spam just released into the internet).

Of course DKIM would only verify that an email originated from a particular domain but it would go far to limit spoofing and phishing. SPF and DKIM verified mail would nullify most fraudulent 'Nigerian 411' scams.

And besides...why should Yahoo!, AOL, or Gmail be the only networks that verify DKIM signed email. Cpanel/WHM currently does verify SPF records through a feature within its EXIM control panel which is awesome!

Logically speaking... The addition of DKIM verification to CPANEL would do wonders to stop spam circulating or even being accepted on CPANEL/WHM run domains. Wouldn't this help solidify CPANEL/WHM as the primer app for Linux users whether they are small, medium, or enterprise level businesses?

Honestly... I would pay to be licensed this plugin... if verification were to be a plugin. I'd hope it would be a standard feature tho. A standard feature would help responsible users of the internet to continue to police ourselves. Otherwise we may see government intervention at some point in the future forcing us install technologies we aren't comfortable with to combat the problems

Here's hoping for 11.25.2

[mykkal]

Bumping this back up. Not sure where cpanel is with this. I'd love to have an idea of what version this will finally included with.

Sidenote: I'm sooo tired of fighting with AOL, Excite, AIM, and LYCOS to get them to pass my mail.

Please cpanel... Add dkim so we can be compliant and pass mail on those networks..

[chiehkai]

We need this too.. DomainKeys are only being used by Yahoo!, while DKIM has been implemented by a lot of companies out there.

Please, add DKIM support into cPanel, or at least let us know you're going to add it or not.

[jecro77]

Hello dear cPanel Staff

Please support DKIM! DomainKeys can be dropped, it's outdated.

Keep on the good work.

[Miraenda]

Since a program like dkimproxy can institute both DomainKeys and DKIM for a machine for outgoing messages, cPanel could institute a similar program to provide both DomainKeys and DKIM support for outgoing emails using a similar methodology. Otherwise, dkimproxy could simply be added as one of the products that's part of cPanel instead as an alternative. This way, DomainKeys wouldn't need to be dropped as both could be available.

The issue with dropping DomainKeys is that some services do still check for it instead of DKIM, so you really need a proxying agent like dkimproxy (or something in-house developed) that can determine which is being checked and provide either DomainKeys or DKIM depending on what the receiving machine is checking for.

[thobarn]

Since a program like dkimproxy can institute both DomainKeys and DKIM for a machine for outgoing messages, cPanel could institute a similar program to provide both DomainKeys and DKIM support for outgoing emails using a similar methodology...

I agree. DKIM may be the new kid on the block, but some of us _DO_ use and rely on DomainKeys. Implement DKIM w/o sacrificing DomainKeys support please.

[mykkal]

Since a program like dkimproxy can institute both DomainKeys and DKIM for a machine for outgoing messages, cPanel could institute a similar program to provide both DomainKeys and DKIM support for outgoing emails using a similar methodology. Otherwise, dkimproxy could simply be added as one of the products that's part of cPanel instead as an alternative. This way, DomainKeys wouldn't need to be dropped as both could be available.

The issue with dropping DomainKeys is that some services do still check for it instead of DKIM, so you really need a proxying agent like dkimproxy (or something in-house developed) that can determine which is being checked and provide either DomainKeys or DKIM depending on what the receiving machine is checking for.

I'd rather not drop it but domain keys is kinda accepted as a primitive version of DKIM which is more robust. I think both are effective... But I also think domain keys will be deprecated soon!

We need this too.. DomainKeys are only being used by Yahoo!, while DKIM has been implemented by a lot of companies out there.

Please, add DKIM support into cPanel, or at least let us know you're going to add it or not.

Both would be the best option to be included in enterprise level software like Cpanel.

I agree. DKIM may be the new kid on the block, but some of us _DO_ use and rely on DomainKeys. Implement DKIM w/o sacrificing DomainKeys support please.

Co-sign this totally! We need more people to post in this thread. Please share it socially.... I'm not sure how urgent this is to cpanel but I think they are considering it.

Personally I can't wait another full year for the option. Its detrimental to my business. And really... They would want to offer that option to very successful web admins... They would be sending a lot of email anyways... Best to offer them technology that will keep them out of junk mail!

I hope CPANEL never falls this far behind on exim again! This thread has had 10,000 + views. C'MON CPANEL! Lets render this subject obsolete.