DKIM with same key but different domains

Solution 1

You can use the same key for multiple domains. Using different selectors for the same key won't help your reputation. It will also make signing more difficult. You can use the same selector for different keys as they will be published under different domains.

You will need to publish the selector DNS record for each sending domain. Sign the outgoing message with the matching private key.

In my experience, a high percentage of organizations either don't publish a DKIM record or publish an invalid one. Neither case adds credibility.

If you are sending from the same IP address, all domains will be marked as spam. Most blacklists are IP based, not domain based. As long as you are using a properly configured server, including DNS configuration, it is unlikely your server will be flagged as spamming unless you send spam. Double opt-in should prevent that.

Do ensure your servers are not open relays. Open relays do get flagged and are commonly used to send spam. I do my best to ensure the spam gets left on the open relay as long as possible.

Solution 2

This solution is not very flexible or elegant (same selector), but it works.

In opendkim.conf you can specify multiple domains without KeyTable/SigningTable, just:

Domain    xxx.tld,yyy.tld,zzz.tld
Selector    default
KeyFile    /etc/opendkim/keys/default.private

In DNS zone of xxx.tld:

default._domainkey TXT "v=DKIM1;k=rsa;p=...."

In DNS Zone of yyy.tld:

default._domainkey CNAME default._domainkey.xxx.tld.

In DNS Zone of zzz.tld:

default._domainkey CNAME default._domainkey.xxx.tld.

PS: An advantage: if you must generate the key, you only have to modify the DNS zone of xxx.tld.

(sorry for my English)
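Both answers rely on the same thing being true: every sending domain publishes (directly or via CNAME) a valid DKIM key record under the chosen selector. The following script is an added example, not code from either answer. It checks that for a list of domains, follows CNAME chains, validates the record's tag list (v=, k=, p=), and reports whether all domains really resolve to the same published key. The zone table, function names and sample records are constructed assumptions so the script runs offline; to check live zones, replace `lookup` with a real DNS query.

```python
"""Check a DKIM selector record for several domains, following CNAME chains.

Added example (not from the original answers). `FAKE_ZONES` is a constructed
stand-in for DNS so the script runs offline; `lookup` is the only place that
would need a real resolver.
"""
import base64

# Constructed zone data mirroring Solution 2: xxx.tld holds the TXT record,
# yyy.tld and zzz.tld CNAME to it. The last three entries exercise failure
# modes a practitioner meets in the wild: record without p=, and a CNAME loop.
FAKE_ZONES = {
    "default._domainkey.xxx.tld": ("TXT", "v=DKIM1; k=rsa; p="
        + base64.b64encode(b"constructed-public-key-bytes").decode()),
    "default._domainkey.yyy.tld": ("CNAME", "default._domainkey.xxx.tld"),
    "default._domainkey.zzz.tld": ("CNAME", "default._domainkey.xxx.tld"),
    "default._domainkey.broken.tld": ("TXT", "v=DKIM1; k=rsa"),  # no p= tag
    "default._domainkey.loop-a.tld": ("CNAME", "default._domainkey.loop-b.tld"),
    "default._domainkey.loop-b.tld": ("CNAME", "default._domainkey.loop-a.tld"),
}
MAX_CNAME_HOPS = 8  # resolvers cap CNAME chains; do the same to avoid spinning


def lookup(name, zones=FAKE_ZONES):
    """Return (rtype, rdata) for an owner name, or None if it does not exist."""
    return zones.get(name.rstrip(".").lower())


def resolve_txt(name, zones=FAKE_ZONES):
    """Follow CNAMEs from `name` until a TXT record is found.

    Returns (txt_value, chain) where chain lists every owner name visited.
    Raises LookupError for a missing record, a CNAME loop or an over-long chain.
    """
    name = name.rstrip(".").lower()
    chain, seen = [name], {name}
    for _ in range(MAX_CNAME_HOPS):
        rec = lookup(name, zones)
        if rec is None:
            raise LookupError(f"no record at {name}")
        rtype, rdata = rec
        if rtype == "TXT":
            return rdata, chain
        if rtype != "CNAME":
            raise LookupError(f"unexpected {rtype} record at {name}")
        name = rdata.rstrip(".").lower()
        if name in seen:
            raise LookupError(f"CNAME loop via {name}")
        seen.add(name)
        chain.append(name)
    raise LookupError(f"CNAME chain longer than {MAX_CNAME_HOPS} hops")


def parse_tags(record):
    """Split a DKIM tag-list ("tag=value; tag=value") into a dict (RFC 6376 §3.2)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # trailing ';' is allowed
        if "=" not in part:
            raise ValueError(f"malformed tag {part!r}")
        key, value = part.split("=", 1)
        # Folding whitespace inside a value (e.g. a wrapped p=) is not significant.
        tags[key.strip()] = "".join(value.split())
    return tags


def validate_dkim_record(record):
    """Return the decoded public key bytes if `record` is a usable DKIM key record.

    Raises ValueError naming the defect otherwise (this is the "invalid record"
    case Solution 1 mentions).
    """
    tags = parse_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional; if present must be DKIM1
        raise ValueError(f"unsupported version {tags['v']!r}")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):  # k= defaults to rsa
        raise ValueError(f"unsupported key type {tags['k']!r}")
    if "p" not in tags:
        raise ValueError("missing p= tag")
    if tags["p"] == "":
        raise ValueError("empty p= tag (key revoked)")
    try:
        return base64.b64decode(tags["p"], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"p= is not valid base64: {exc}")


def check_domains(domains, selector, zones=FAKE_ZONES):
    """Check <selector>._domainkey.<domain> for each domain.

    Returns (results, same_key): results maps domain -> ("ok", key_bytes, chain)
    or ("error", reason, chain); same_key is True when every valid record
    carries the same public key, i.e. the shared-key setup is consistent.
    """
    results, keys = {}, set()
    for domain in domains:
        name = f"{selector}._domainkey.{domain}"
        try:
            txt, chain = resolve_txt(name, zones)
            key = validate_dkim_record(txt)
            results[domain] = ("ok", key, chain)
            keys.add(key)
        except (LookupError, ValueError) as exc:
            results[domain] = ("error", str(exc), [name])
    return results, len(keys) == 1


if __name__ == "__main__":
    res, same = check_domains(["xxx.tld", "yyy.tld", "zzz.tld", "broken.tld",
                               "missing.tld", "loop-a.tld"], "default")
    for domain, (status, detail, chain) in res.items():
        print(f"{domain:12} {status:5} {' -> '.join(chain)}"
              + ("" if status == "ok" else f"  ({detail})"))
    print("all valid records share one key:", same)
```

Run it as-is to see the three good domains resolve to one key and the three broken ones fail with a reason; point `lookup` at a real resolver to audit customer CNAMEs such as the ones described in the comments below.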


Ricardo Polo Jaramillo

Updated on September 18, 2022

Comments

  • Ricardo Polo Jaramillo
    Ricardo Polo Jaramillo almost 2 years

    We are planning to sign with DKIM emails for multiple domains.

    Each domain will have a CNAME to a DNS entry in a common domain where the keys are stored. If every domain signs with the same key, but of course using a different domain and selector, will all of them create independent reputations?

    If one domain is marked as a spammer, will it affect the deliverability of the other domains?

    They are completely different and use a different selector. They just share the key.

  • Ricardo Polo Jaramillo
    Ricardo Polo Jaramillo about 8 years
    Based on your comment I understand I am doing it right. We have servers that send emails on behalf of the customer. We instruct our customers to create a CNAME pointing to our DKIM keys in our domain. We sign with each user domain and use the CNAME as the selector. As you see, different domains, but the same key. So based on your comments that setup is OK. Right? Thanks so much!!
  • Eaten by a Grue
    Eaten by a Grue about 4 years
    Using the CNAME record worked great for me. Instead of using the Domain parameter I used refile with SigningTable and a wildcard like * as the selector, since we want to sign all outgoing mail with the same key.