6

If I am sending mail through SMTP, I understand that it is IONOS who signs those emails, right?

I would like to add the DKIM header to my emails. I know that it is necessary to publish a CNAME record with the public key but if I don't use a third-party service, I understand that it is ionos who must have that private key and therefore offer me the public key.

If ionos does not offer me the public key, what do I do? Since IONOS is in charge of signing the mail with the private key and adding the DKIM header, if they don't give me a public key, what is the solution or is something wrong with the approach?

Has anyone got something similar? Should I send an email to IONOS requesting the public key?

Dave M
  • 4,494
  • 21
  • 30
  • 30
Diego
  • 63
  • 1
  • 3
  • 1
    What do you mean? If IONOS handles your mail, they _are_ the third party service. – Michael Hampton Aug 15 '20 at 20:06
  • Sorry, that's confusing. I was referring to other third-party services such as malchip etc if they offer you their publick key generated from their private key. IONOS from what I see does not offer public key to add dkim and as if it did not offer support – Diego Aug 15 '20 at 21:40

2 Answers2

10

it is IONOS who signs those emails, right?

It would be, if they signed them. But they don't. (But they should.)

Here are some excerpts of a conversation I had less than 10 minutes ago with their support team (emphasis added):

IONOS: Hello there. I understand that you want to add a DKIM. Unfortunately we don't have a DKIM record in IONOS. You can instead a Dmarc record and SPF record to authenticate your emails.

Me: Er, to clarify- are you saying that IONOS e-mail hosting does not use or support DKIM authentication of outbound mail?

IONOS: Yes. That is correct. We do not have a DKIM record. But you can use an SPF record . SPF record is enough to authenticate your emails

Me: Do you know when/if IONOS will add DKIM to outbound e-mails?

IONOS: I'm not sure if they will integrate a DKIM in our current mailing system. And also it make time some time for that to happen.
But rest assured I will forward your concern to our administrators, product engineers / system engineers.

'Tis the wild west over there. Not a cryptographic signature in sight. Set your DMARC to SPF-only until you can shell out for a 21st-century mail host.

JamesTheAwesomeDude
  • 256
  • 3
  • 12
  • 1
    I had the same conversion with Ionos yesterday; they still don't support DKIM and no ETA in sight. However, the support agent mentioned that the situation may be different if using their Microsoft Exchange email product. Haven't looked into that yet. – Manuel May 04 '22 at 11:33
0

I had a similar conversation with them yesterday. I was told that implementing DKIM was on their road map, but the support operative was unable to give me an indicative timescale. I'm not holding my breath as I'm not convinced that the operative I spoke to actually understood the question and may have just wanted to get rid of this guy speaking gobbledygook.

Keith
  • 1
  • This does not provide an answer to the question. Once you have sufficient [reputation](https://serverfault.com/help/whats-reputation) you will be able to [comment on any post](https://serverfault.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/517595) – Dave M Apr 09 '22 at 12:01