DKIM Alignment between two domains?

I have a situation where SuiteCRM is on domain abc.com and the outbound email is cPanel info@abc.com.

However, the client’s main domain is xyz.com and the outbound emails from SuiteCRM come from info@xyz.com.

I’ve managed to get the DKIM signature authenticated and the SPF check and alignment passing, but am struggling with DKIM alignment between the two domains.

Researching it, it is suggested I need to include the DKIM signature for xyz.com in the outbound email header from SuiteCRM. Is this possible, has anyone done it? Am I on the right track?

You’re not on the right track. DKIM Alignment hinges on the domain in your “FROM” header matching the domain used in the DKIM signature (d=domain.com). This uses a relaxed format by default which means that a sub-domain would align as well. If this value is changed to strict in your DMARC record then the domain must match exactly.

Since you’re using 2 different domains, no subdomains, then there is no such thing as DKIM alignment in your case, that’s only for aligning subdomains with their main domain.

Check it here: Network Tools: DNS,IP,Email
Select “DKIM Lookup” from the dropdown.

Pro Tip: Keeping these email security keys up to date is time consuming to DIY. Anyone not on a control panel, get Virtualmin GPL, it’s free open source, let it do it for you.

Thanks for your input. So long story short, it’s not possible to have DKIM alignment sending abc.com as xyz.com? I personally use SendGrid for outbound email from SuiteCRM and it checks all the deliverability boxes. I guess I’ll have to go that route.

DKIM alignment isn’t made for 2 totally different top level domains. You say you want to send mail from the abc.com server as coming from xyz.com, and have them pass email checks as authorized to send as xyz.com. That’s easy, you can do it several different ways.

  1. Why don’t you make the Suite server a subdomain of the client’s main domain xyz.com, i.e. crm.xyz.com? Now DKIM alignment applies; a few clicks and you’ll have set crm.xyz.com to send trusted email claiming to be from xyz.com.
  2. Configure the Suite server to send email through the client’s mail.xyz.com mail server, port 465, SSL. You’re no longer using the abc.com outgoing mail server. Then the outgoing email will be trusted email from xyz.com.
  3. Have them configure xyz.com as Allow Relay Email from abc.com hostname and IP addresses onward to its destination.
2 Likes
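
The alignment rule discussed in this thread (the From: header domain compared with the DKIM signature's d= domain, in relaxed or strict mode), as an added example that is not part of any post above. The function names are hypothetical, the messages are constructed, and the organizational domain is approximated as the last two labels, where real DMARC evaluators use the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluators use the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_d_tags(msg):
    """Return the d= value of every DKIM-Signature header on the message."""
    domains = []
    for sig in msg.get_all("DKIM-Signature", []):
        unfolded = "".join(str(sig).split())  # drop folding whitespace
        tags = dict(t.split("=", 1) for t in unfolded.split(";") if "=" in t)
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains

def dkim_aligned(raw_message, mode="relaxed"):
    """True if any signature's d= domain aligns with the From: domain.
    Checks alignment only; it does not verify the signature itself."""
    msg = message_from_string(raw_message)
    addr = parseaddr(msg.get("From", ""))[1]
    if "@" not in addr:
        return False
    from_domain = addr.rpartition("@")[2].lower()
    for d in dkim_d_tags(msg):
        if mode == "strict" and d == from_domain:
            return True
        if mode == "relaxed" and org_domain(d) == org_domain(from_domain):
            return True
    return False

def sample(from_addr, d):
    # Constructed message; the bh= and b= values are placeholders.
    return (f"From: Info <{from_addr}>\n"
            f"DKIM-Signature: v=1; a=rsa-sha256; d={d}; s=default;\n"
            f"\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
            "Subject: test\n\nbody\n")

if __name__ == "__main__":
    # The thread's three cases: signed by abc.com, crm.xyz.com, xyz.com.
    for d in ("abc.com", "crm.xyz.com", "xyz.com"):
        raw = sample("info@xyz.com", d)
        print(d, dkim_aligned(raw, "relaxed"), dkim_aligned(raw, "strict"))
```

To check a real message, pass its raw source (headers included) to `dkim_aligned`; a DMARC report or the receiving server's Authentication-Results header remains the authoritative verdict.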