DKIM “provides a method for validating a domain name identity that is
associated with a message through cryptographic authentication”
(www.dkim.org).
You enable DKIM email signing for domains that use the Plesk DNS server
and those that use an external DNS server in a different way.
Enabling DKIM Email Signing for Domains That Use the Plesk DNS Server
To enable DKIM signing of outgoing email, go to Websites & Domains >
Mail Settings of a domain, select the Use DKIM spam protection
system to sign outgoing email messages checkbox and click OK.
If you have activated DKIM for a domain, Plesk adds the following two
records to the DNS zone of the domain (example.com stands for your
domain name):
-
default._domainkey.example.com
- contains the public part of the
generated key. -
_ domainkey.example.com
- contains the DKIM policy. You can edit
this policy.
Enabling DKIM Email Signing for Domains That Use an External DNS Server
If you use an external DNS service, DKIM signing will work for outgoing
messages, but the receiving mail server will not be able to validate
these messages. As a workaround, you can switch off Plesk DNS server and
add a corresponding DKIM-related DNS record on the external DNS service.
In this case, the receiving server will be able to validate the
messages. Learn how to enable DKIM email signing for domains that use
an external DNS
server.
SPF and DMARC Policies for Outgoing Mail
In addition to DKIM, Plesk supports SPF
and DMARC policies for outgoing mail. DMARC
carries out the specified policy as to how to treat email messages
depending on the results of the DKIM and SPF checking. By default, DMARC
uses general policy, and messages that did not pass checking are not
deleted. You can use stricter policy. For example, you can specify that
it is necessary for a message to pass both SPF and DKIM checking to be
accepted by the recipient mail server.
You can change the SPF and DMARC policies for your domain in the domain’s
DNS settings.
To set up DMARC or SPF policy for your domain:
Go to Websites & Domains > navigate to the domain > DNS Settings
and edit the DNS records related to SPF or DMARC. For example, this
record contains the default DMARC policy:
_dmarc.<your domain>. TXT v=DMARC1; p=none
For information on DMARC and SPF, including policy notations, refer to: