DomainKeys and DKIM in Plesk and cPanel
DomainKeys and DKIM can help you to increase the reputation of your e-mail server and preventing others to manipulate or fake your e-mails. In this tutorial, we want to show you how you can activate this feature in cPanel and Plesk. Firstly, we have to clarify that Plesk allows you to activate DomainKeys in the web interface and that cPanel is using the newer version called DKIM. Those are both quite similar in many points, but we will use those terms separately. All the images in this tutorial can be shown in a bigger version with all the details, by clicking on them. We will often use the example domain "yourdomain.com". It has to replaced with your own one, whenever it appears.
DKIM in cPanel
After you logged into your cPanel account, please search for "Authentication" in the search bar. The matching tool will now get shown in the e-mail section. After opening it, you might see that DKIM has not been activated so far. In this case, please click on the button "Activate". The notification should now look like this, possibly with an error message:
If you have your own server with cPanel and you are using it as a name server, the configuration of DKIM might be finished already. In this case, the notification will look like in this picture.
If there is, as already mentioned, an error shown, you will have to translate the raw DKIM record into the final record with the correct syntax and insert it into your DNS zone manually. So please mark and copy the whole raw DKIM record. cPanel offers the code in a form we cannot use directly. Before we can use it, we have to remove all wrong special characters. For this purpose, we can use Notepad, which is available in every basic Windows installation.
Please insert the string into the editor:
The following has to be removed: everything that stands before "v=DKIM1". Also all the double quotation marks before, in the middle or at the end of the key. Furthermore, we have to delete the \ in front of the last ";". Please check that there are no line breaks. Now we have to analyse the part after: "p=". In this part, all whitespaces have to be removed. If you had to remove a " in the middle of the key, there will be such a white space right afterwards. If there are none of the mentioned special characters, it is absolutely okay. The result should look like this:
Now you have to create a TXT record on your DNS server in the DNS zone for the subdomain "default._domainkey.yourdomain.com". The character string created in the previous step, beginning with: "v=DKIM1...", has to be put into the data part of the record. "your domain.com" has to be replaced with your own domain. If you are using our Contabo nameservers for your domain, please log into the Customer Control Panel, navigate to: DNS Zone Management and edit your domain. Please fill in the fields below "create a new entry" like in the following example:
When you now reload the tool "Authentication" in cPanel with the key F5 on your keyboard, the following should be shown:
If you can see the same message, DKIM has been activated successfully.
If there is still an error shown, you should recheck all the points so far. Are you using the nameservers from Contabo or different ones? Did you change the raw DKIM record correctly? If you have any questions, you can ask our support. We are reachable over the e-mail address [email protected] It would be a pleasure to help you in this matter
Add-on Domain in cPanel
cPanel uses a new key pair for add-on domains. Therefore you can not use the DKIM record from your main domain for the add-on domains too. You have to extract it from the DNS zone management in WHM first, if you are not using your cPanel as DNS server. Webspace customers do not have access to the administrative WHM panel. So please just ask us for the required key. Customers with their own server have to log into WHM. There, please open the option "Edit DNS Zone" and choose your domain from the list. You should now see several records of different types. You need the one with the name: "default._domainkey". It should be there, if DKIM authentication got activated in cPanel previously. The needed key is added as TXT record on the right side. Please edit it as explained in the chapter "DKIM in cPanel". Finally, please add it in the DNS zone Management of your really used nameserver, for example the Contabo Customer Control Panel.
DomainKeys in Plesk
Please search in the search bar for: "Mail Server settings" and open the tool. At the point : "DomainKeys spam protection", please check the Box "Allow signing outgoing mail". Afterwards, you have to change to the "Mail Settings" of your domain and activate "Use DomainKeys spam protection system to sign outgoing email messages " there, like in the following screenshot:
Then you can open the "DNS Settings" for the affected Domain. An additional TXT entry for the subdomain: "default._domainkey.yourdomain.com" should have appeared.
If it is missing, please repeat all the steps so far, but firstly delete the tick at "Allow signing outgoing mail" in the Mail Server Settings and set it again after saving. If you are using your Plesk as nameserver, the configuration should be finished now. You should now test the configuration. More about this step in the later point: How to test DomainKeys and DKIM.
If you are using other nameservers for your domain, for example the ones provided by Contabo, you have to copy the data part completely and add an identical record in the zone there. To do so, please log into the Customer Control Panel of Contabo, go to the DNS Zone Management and edit the Domain. Please add, like in the following example, a TXT record for the subdomain "default._domainkey.yourdomain.com" with the data part generated by Plesk.
As you can see in the picture, a second record has to be added. This one defines the policy, that every e-mail has to have a DomainKeys signature. Please add the subdomain "_domainkes.yourdomain.com" with the TXT record: "o=-". With this last step, the configuration of DomainKeys has been finished. To ensure that everything is working perfectly, you should do a test now!
How to test DomainKeys and DKIM
A good way to test a DKIM or DomainKey configuration, is the DKIMValidator.
After opening the site, you can see a randomly generated e-mail address. Please write an e-mail from your server to this address and, after a few seconds of waiting, open the analysis report with the button "view results". With Strg + F, you can search the site, which gives you a lot information. To check if DomainKeys and DKIM are working, search for: "result =". If it reads "pass", everything is working fine. If there is a "fail" you should start a search for the cause. If you are stuck at some point, you can contact us anytime under the e-mail address [email protected] Our team of experts will stand by your side to get it working!