On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at MyPlesk.com/Plesk360/Platform360 please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

Articles in this section

See more

How to configure DKIM policy in Plesk

Avatar
Kuzma Ivanov
Updated
Follow
Plesk for Windows Plesk for Linux kb: how-to ABT: Group A

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

How to configure DKIM policy in Plesk?

Answer

After enabling DKIM for a domain, two DNS records are added at Domains > example.com > DNS Settings. A DNS TXT record "_domainkey.<example.com>" contains a DKIM policy which can be adjusted.

For example, the default policy "0=-" means that all emails from this domain will be signed with a DKIM signature. In order to configure DKIM policy, edit this DNS TXT record.

For more information about configuring DKIM settings, refer to DKIM.org.

Comments

7 comments

Sort by Date Votes
  • Avatar
    b_p

    Hi Francisco Roman Garcia Rodriguez I refer to the following record

    _domainkey.<example.com> IN TXT "o=-"

    This is the outbound signing policy used with the old "Domain Keys" and not its successor DKIM: http://knowledge.ondmarc.redsift.com/en/articles/1553839-domainkeys-policy-record

    If you have a look at the current DKIM RFC, that record does not exist any more.

    1
    Comment actions Permalink
  • Avatar
    b_p

    Kuzma Ivanov Just a quick question / comment: What you describe here (and at https://docs.plesk.com/en-US/obsidian/administrator-guide/mail/antispam-tools/dkim-spf-and-dmarc-protection/dmarc.59433/#dkim) refers to the old Yahoo "Domain Keys" policy?!

    To my knowledge this DNS record could / should be deleted as DKIM does not use any policies any more (that's what DMARC is meant for).

    1
    Comment actions Permalink
  • Avatar
    Bob B

    @b_p @Anzhelika Khapaknysh

    I can confirm that enabling DKIM signing will add the depreciated signing policy DNS record.  Plesk should correct this.  The DKIM records are not listed under the DNS template settings, so it is not correctable by the Plesk Admin.

    This means that Plesk's DKIM implementation is incorrect (bug?) as it seems they carried over the "signing policy" record from the previous "DomainKeys" system, that was a predecessor of DKIM, but is not a part of DKIM.

    The devs should be notified.  However, at the moment, it isn't causing mail deliverability trouble, as far as I know, it's just creating extraneous DNS records, that will eventually need to be removed for each domain.

    0
    Comment actions Permalink
  • Avatar
    Anzhelika Khapaknysh

    @b_p,

    I'd recommend contacting our Support Team for assistance in case of any questions.

    0
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Karl May,

    Thank you for your question.

    If opendkim package is installed on the server, then the default location of opendkim.conf file is /etc/opendkim/opendkim.conf.

    However, this package is not packed with Plesk, but libopendkim-2.11.0-0.1.el6.x86_64 is.
    So the only way to configure DKIM policy is the one which is provided in the article.

    0
    Comment actions Permalink
  • Avatar
    Francisco Roman Garcia Rodriguez

    Hi b_p,

    I haven't found any link to Yahoo pages, could you please explain what record is the one you suggest to be deleted and why?

    0
    Comment actions Permalink
  • Avatar
    Karl May

    Where I can find "opendkim.conf"?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles