DomainKeys is an email authentication system designed to verify message integrity and the DNS of an email sender. This article will show you how to enable DomainKeys on your DV server.
READ ME FIRST
This article is provided as a courtesy. Some parts of this article, such as configuring DNS for DomainKeys, are unsupported by Media Temple. Please take a moment to review the Statement of Support for information about what is and is not supported by your DV server.
Enable DomainKeys on your DV server
Only the primary domain on a subscription can use a domain key. If you would like to use domain keys for multiple domains, they will each need to be the primary domain for their subscription.
- First, log into your Plesk control panel.
- Click on Tools & Settings located on the left-menu bar in Plesk.
- Locate Mail. Then click on Mail Server Settings.
- You will be taken to the "Server-wide mail settings" page. Locate DKIM spam protection. You can opt to "Allow signing outgoing mail" (to verify mail sent from your server) or "Verify incoming mail" (to check mail receiving your server), or both:
- Allow signing outgoing mail. Enables customers to switch on the DKIM signing of outgoing mail on a per-domain basis. It does not automatically enable signing of all outgoing email messages. To use DKIM, users must switch it on for individual domains.
- Verify incoming mail (Plesk for Linux). Switches on DKIM checking for all incoming mail. All messages are checked, and if the check fails, are marked with a special header.
- Click the OK button to save your DKIM settings. DKIM is now enabled on your DV server.
- You'll then need to turn DKIM on for each domain you wish to use it on.
- To do this, navigate to the control panel for the desired domain.
- Click on Mail Settings.
- Enable "Use DKIM spam protection system to sign outgoing email messages". Then click OK.
You've now enabled DKIM on your server and for your domain!
Configure DNS for domains using DKIM
Next, you'll want to configure your DNS accordingly. If you are using private, custom nameservers hosted on your DV server (uncommon), this will be configured automatically. If not, you'll need to edit your DNS zone file to match these records, per the instructions below:
Once generated, Plesk stores your DKIM information in the inoperative DNS zone file stored on your server. These DNS zone files are only used if you are using private nameservers; if not, it's best to think of this record as a stored template to use in your live DNS zone file.
Your DNS zone file will be found in your AccountCenter if you are using (mt) Media Temple's nameservers. If you are using a third-party DNS host, you will need to log into your control panel there to edit the records accordingly.
- First, we'll need to view the newly-generated DKIM record in Plesk's "DNS Settings" tool. Return to your domain's control panel. Then click DNS Settings.
- When you enable DKIM through your domain's Mail Settings, two new "_domainkey" entries will be generated as TXT records for your domain. You'll want to copy these records down with the unique key for your domain.
- Next, you'll need to re-create these "_domainkey." and "default._domainkey." subdomains in your DNS zone file. If you are using (mt) Media Temple's nameservers, this will be done through the "Edit DNS Zone File" tool in the AccountCenter, as pictured below.
Once you save the changes to your DNS zone file, it will take up to 48 hours for DNS changes to propagate for your domain. With that, you're all done, and DomainKeys is now operational!