DKIM signature in DNS OK, but what when client sends also (legitimate) mail trough other servers ?

[Markif]

Hello

WHM / CPANEL gives the possibility to generate a DKIM signature and insert it in its own DNS or copy / paste in a third-party DNS.
This is OK if the client only sends mail using the WHM server I suppose.

But what if that client *also* wants to send (legitimate) mail through another server (often some platforms used in education that send mail "on behalf of" the end user) ?
We have already added the IP addresses of the mail servers of these platforms to the SPF record in DNS.
But if we activate the DKIM signature proposed by WHM / CPANEL in the DNS of the domain, will the mail that the clients send via another mail server ( not ours) not be rejected by the anti-spam systems?

Or is there a way to fix this?
Thanks for your help.

 

[cPRex]

Hey there! I haven't personally heard of such a situation. The SPF record is there to define the IP address that can send messages, and you can add multiple IP addresses to those record types. DKIM records are a key that ensures the message isn't altered between the host and recipient, so it is not tied to any specific sender IP address but to the DNS zone itself.

 

[sparek-3]

The sending server would either need the same private key as on the cPanel server to sign the messages with.

Or you could generate a second DKIM with a different selector. The other sending server wold sign the message with that private key. You would need to add the public key to the selector in the domain's DNS.