DKIM signature in DNS OK, but what when client sends also (legitimate) mail trough other servers ?

Markif

Member
Nov 9, 2016
23
2
78
Toulouse
cPanel Access Level
Root Administrator
Hello

WHM / CPANEL gives the possibility to generate a DKIM signature and insert it in its own DNS or copy / paste in a third-party DNS.
This is OK if the client only sends mail using the WHM server I suppose.

But what if that client *also* wants to send (legitimate) mail through another server (often some platforms used in education that send mail "on behalf of" the end user) ?
We have already added the IP addresses of the mail servers of these platforms to the SPF record in DNS.
But if we activate the DKIM signature proposed by WHM / CPANEL in the DNS of the domain, will the mail that the clients send via another mail server ( not ours) not be rejected by the anti-spam systems?

Or is there a way to fix this?
Thanks for your help.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,951
920
313
cPanel Access Level
Root Administrator
Hey there! I haven't personally heard of such a situation. The SPF record is there to define the IP address that can send messages, and you can add multiple IP addresses to those record types. DKIM records are a key that ensures the message isn't altered between the host and recipient, so it is not tied to any specific sender IP address but to the DNS zone itself.
 
  • Like
Reactions: Carlos Figueredo

sparek-3

Well-Known Member
Aug 10, 2002
2,022
227
368
cPanel Access Level
Root Administrator
The sending server would either need the same private key as on the cPanel server to sign the messages with.

Or you could generate a second DKIM with a different selector. The other sending server wold sign the message with that private key. You would need to add the public key to the selector in the domain's DNS.
 
  • Like
Reactions: Carlos Figueredo