More control of DKIM
We could really do with more control of DKIM, for example...
Ability to control key length 1024Bit or 2048Bit (server wide)
Enable subdomain signing, while you can't create email accounts for subdomains in Plesk, it's often the case that the server is named as a subdomain eg: mail.example.com Which means unsigned mail leaving the server (cron etc) even when example.com is hosted.
The standard OpenDKIM package allows you to add it to nonsmtpdmilters so sendmail mail gets signed.
Ability to change the selector.
We really can't have mail leaving servers not being signed...it defeats the whole point in having it!
"1. Ability to control [DKIM] key length 1024Bit or 2048Bit (server wide)"
is available since Plesk 18.0.55, published August 29th, 2023
"4. Ability to change the [DKIM] selector"
is available since Plesk 18.0.56, published Ocotber 10th, 2023
Stay in the loop for more to come.
Jan Wroblewski commented
My business customers can not contact public authorities or government, because the mails gets rejected. DKIM 1024Bit is marked as deprecated.
Ray Wolff commented
2048Bit DKIM key support MUST be added ASAP!! Gmail now requires 2048Bit for sending emails to Gmail recipients per: https://support.google.com/a/answer/174124
Pugmarks Techs commented
Google use 2048-bit keys and Authentication is marked fails and ends up in SPAM
Yes - should be possible as soon as possible.
Only signing the headers To, From and Subject is not enough to current security conditions.
Ken Brown commented
This is a make or break deal... #4
Yes, needed for Plesk running a mail server! Esp. #4.
Deryll Newman commented
Yes! Especially #4
Christian Heutger commented
1. or EC (https://tools.ietf.org/html/rfc8463) as 2048 bit also already going down to be insecure in the near future