More control of DKIM
We could really do with more control of DKIM, for example...
Ability to control key length 1024Bit or 2048Bit (server wide)
Enable subdomain signing, while you can't create email accounts for subdomains in Plesk, it's often the case that the server is named as a subdomain eg: mail.example.com Which means unsigned mail leaving the server (cron etc) even when example.com is hosted.
The standard OpenDKIM package allows you to add it to nonsmtpdmilters so sendmail mail gets signed.
Ability to change the selector.
We really can't have mail leaving servers not being signed...it defeats the whole point in having it!
Pugmarks Techs commented
Google use 2048-bit keys and Authentication is marked fails and ends up in SPAM
Yes - should be possible as soon as possible.
Only signing the headers To, From and Subject is not enough to current security conditions.
Ken Brown commented
This is a make or break deal... #4
Yes, needed for Plesk running a mail server! Esp. #4.
Deryll Newman commented
Yes! Especially #4
Christian Heutger commented
1. or EC (https://tools.ietf.org/html/rfc8463) as 2048 bit also already going down to be insecure in the near future