Option to make DKIM a requirement

Discussion in 'Feature Requests' started by Jemt, Dec 12, 2020.

  1. Jemt

    Jemt Member HowtoForge Supporter

    Hi,
    I think it would be of great value if the server had an option to require DKIM to be configured for e-mail domains.
    I have users that constantly forget to configure SPF and DKIM for their domains. But if they weren't able to add an e-mail domain without configuring DKIM, they wouldn't forget. I'm tired of having to request Microsoft to unblock our servers due to missing SPF and DKIM configuration.
    - Thanks :)
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I think you can enable it by default, but not sure if the keys would be generated automatically.
     
  3. Jemt

    Jemt Member HowtoForge Supporter

    Thanks Th0m. However, forcing the user to click "Enable" in the DKIM section also makes them remember to add the DNS configuration as well. So completely automated is not what I would suggest. Although I supposed it would make sense to automate everything if the server served as a DNS service as well.
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Hmm, well, not sure if this would be a good idea and what would be the best way to implement it. And DKIM isn't necessary though it is good practice to use.
     
  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    basicly, you can enforce dkim (on the client or the server-level).
    i think, the easiest way is to check this in onSubmit and just check if "forced" is set, call the ajax_get_json to get the dkim-values and put the results into $this->dataRecord.
     
    Jemt likes this.
  6. Jemt

    Jemt Member HowtoForge Supporter

    Th0m: Microsoft more or less have DKIM as a requirement if you want to deliver e-mails to @outlook.com, @hotmail.com, @live.com, and @msn.com. Whether that's enforced in real life, I'm not sure - but it's part of their policy. One of our servers got blocked last week and we were able to have it unblocked when we implemented DKIM for all our e-mail domains:
    https://sendersupport.olc.protection.outlook.com/pm/policies.aspx (see 4. Authentication).
    We have never had any problems with other e-mail providers though, so can't say for sure whether DKIM was what changed their mind.
     

Share This Page