DKIM in 2018 - cPanel/WHM Settings


Well-Known Member
Jul 9, 2015
cPanel Access Level
Root Administrator
I've used cPanel/WHM for yeaaaars, I understand SPF, etc. I just want to make sure I understand what, exactly, WHM does with the DKIM settings these days.

So on the cPanel side, under Mail > Authentication, there's the Enable/Disable DKIM option. On its' own, what does this do, exactly? Does it block messages solely on this setting?​

Then on the WHM side there is "Allow DKIM verification for incoming messages", which defaults to off, and if it's enabled you also have the option to "Reject DKIM failures".​

Specifically, for one, I just want to make sure that the cPanel side isn't relying on "Allow DKIM..." in WHM to be enabled to function. Aside from that, I'm wondering how effective and/or reliable DKIM has been, both from a spam-blocking perspective and from a not-blocking-legitimate-messages perspective.

Is it worth enabling these days?


Staff member
Apr 11, 2011
Hello @brt,

In short, the option in cPanel is for outgoing emails, and the options in WHM are for incoming emails.

The DKIM option under "cPanel >> Authentication" enables DKIM and adds the appropriate TXT records in the DNS zones of all domain names associated with that cPanel account. This allows remote servers to detect that these domain names utilize DKIM.

The following options under the "ACL Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor" allow you to configure Exim to verify DKIM records with incoming emails from remote mail servers and to reject messages that fail DKIM verification.

Allow DKIM verification for incoming messages
Reject DKIM failures

I haven't seen very much feedback here on the cPanel forums regarding the effectiveness of DKIM verification for stopping incoming SPAM. However, check out the "incomingspam" tag to see a list of threads where users on this forum are discussing options and situations related to blocking incoming SPAM emails:

incomingspam | cPanel Forums

Thank you.


Mar 6, 2008
What does the "Allow DKIM verification for incoming messages " option do, if it is not to reject the emails? What good is it to verify the signature? and I would think WHMCS needs an option to reject or ignore domains that aren't DKIM signed.