More control of DKIM
We could really do with more control of DKIM, for example...
1. Ability to control key length 1024Bit or 2048Bit (server wide)
2. Enable subdomain signing, while you can't create email accounts for subdomains in Plesk, it's often the case that the server is named as a subdomain eg: mail.example.com Which means unsigned mail leaving the server (cron etc) even when example.com is hosted.
3. The standard OpenDKIM package allows you to add it to non_smtpd_milters so sendmail mail gets signed.
4. Ability to change the selector.
We really can't have mail leaving servers not being signed...it defeats the whole point in having it!
Deryll Newman commented
Yes! Especially #4
Christian Heutger commented
1. or EC (https://tools.ietf.org/html/rfc8463) as 2048 bit also already going down to be insecure in the near future