DKIM for PHP mails?

[opentype]

PHP mails have been a good default with acceptable delivery for many years. But now the major email services all check for SPF/DKIM/DMARC and reject mails without proper DKIM headers, which I can set up for my domain and mailboxes, but not for PHP mails sent from Invision Community. Any chance this could be added?

[KT Walrus]

I use Zoho ZeptoMail for transactional mail. It is cheap and Zoho has the best privacy policy I’ve found. 

ZeptoMail is just $25 for sending 100,000 emails. 

I also use Zoho Mail for all my email accounts. It is only $48 a year per mailbox with even less expensive options available if you have a very small budget.

Zoho has a fantastic suite of apps for businesses. I moved from Google Workspaces just because of Google’s privacy policy being so bad for us consumers. 
 

[Randy Calvert]

DKIM has nothing to do with the software. It’s a server level / DNS level function.  This is technically impossible for IPS to do for self hosted customers. 

[opentype]

4 hours ago, Randy Calvert said:

DKIM has nothing to do with the software. It’s a server level / DNS level function.

Setting it up is. Making it part of the mails needs to happen where the mail is created. 

[Randy Calvert]

27 minutes ago, opentype said:

Setting it up is. Making it part of the mails needs to happen where the mail is created. 

While I was still self hosted, I 100 percent set it up outside of IPB.  If you’re using a control panel like cpanel, Plesk or DirectAdmin, they’ll do it for you. 

There is nothing that IPS can do that would make it easier because even if they generated a DKIM private key for you, it could not be installed.  If you actually need help generating the private key, instead of having IPB do it … there are tons of generators online. 

https://powerdmarc.com/dkim-record-generator/

You’re asking IPB to do the equivalent of configuring your mail server. 

These are the high level steps for setting up DKIM:

Generate a key pair: You can use your email service provider or DNS management platform to generate a unique cryptographic key pair for your domain. The tool you use will depend on your operating system. 

1. Create a TXT record: Add the public DKIM key as a TXT record in your domain's DNS settings. 
— This is gone with a generator like above.

2. Configure your email server: Enable DKIM signing in your email server or sending platform. 
— This is done by your control panel or hosting provider (or via SSH root).  

3. Test your setup: Verify that DKIM signing is turned on and that DKIM authentication is working.
— This is done by you.

There is no step in this process where IPB can be realistically inserted in a valuable way.

DKIM is not “inserted” into emails. It’s done by the mail server as a signature from what actually sent it. It’s added by your mail server not the raw sent message.

Once DKIM is setup, it applied to ANYTHING sent by the mail server for your domain including other PHP scripts your site. Think of it as an hosting account (or root) level function and not a script level function. 

Edited June 21 by Randy Calvert

[Jim M]

Think of the software "sending" emails as you handing a postcard to a mailman. Everything for email sending verification would happen after it is handed over to your email server/service (or reaches the "post office") rather than within Invision Community.

[opentype]

25 minutes ago, Randy Calvert said:

Generate a key pair: You can use your email service provider or DNS management platform to generate a unique cryptographic key pair for your domain. The tool you use will depend on your operating system. 

1. Create a TXT record: Add the public DKIM key as a TXT record in your domain's DNS settings. 
— This is gone with a generator like above.

2. Configure your email server: Enable DKIM signing in your email server or sending platform. 
— This is done by your control panel or hosting provider (or via SSH root).  

3. Test your setup: Verify that DKIM signing is turned on and that DKIM authentication is working.
— This is done by you.

There is no step in this process where IPB can be realistically inserted in a valuable way.

Dude, what the hell? No one has asked how one would set up DKIM. That was never in question. 

25 minutes ago, Randy Calvert said:

Once DKIM is setup, it applied to ANYTHING sent by the mail server for your domain including other PHP scripts your site. 

Nope. 

 

5 hours ago, KT Walrus said:

I use Zoho ZeptoMail for transactional mail. It is cheap and Zoho has the best privacy policy I’ve found. 

For phpMails and SMTP, Invision Community only seems to allow one mail service for both transactional and bulk mails. So, setting up a transactional-only service doesn’t seem like a good solution unless the website never sends out (marketing) bulk mails. 

 

[Jim M]

8 minutes ago, opentype said:

Dude, what the hell? No one has asked how one would set up DKIM. That was never in question. 

Please watch your language here. Please remain civil and courteous. 

[KT Walrus]

20 minutes ago, opentype said:

For phpMails and SMTP, Invision Community only seems to allow one mail service for both transactional and bulk mails. So, setting up a transactional-only service doesn’t seem like a good solution unless the website never sends out (marketing) bulk mails. 

Maybe checkout

https://www.the-art-of-web.com/php/dkim-mail-signature/
 

if you want to develop a plugin for adding DKIM to your PHP mail. 

Or you could run postfix locally to relay your outbound mail to either a transactional mail service or your bulk email provider. SMTP queues outgoing mail so you can rate limit and send mail asynchronously. 
 

Or, you could see if IC5 distinguishes between transactional and bulk mail to allow ACP configuration. Should be something Invision could easily add, even into IC4. 

Edited June 21 by KT Walrus

[opentype]

To be clear: I specifically chose the feedback forum, not one of support forums, because this was meant as a feedback topic, not a “I am looking for help/instructions for my site(s)” topic. 

To make the point again in more detail: Defaulting to simple PHP mails has been the industry standard for php web apps for like 20+ years and Invision Community is no exception to this. It (usually) works right out of the box without the need for any configuration.
There is now a significant change happening in this area. It’s something that is all over the web tech news and I see it happen across my various websites as well. Mailbox providers are significantly raising the bar to get mails delivered, demanding multiple positive checks for the various authentication options. This makes it a concern for many (self-hosted) IPS customers who start out new or usually don’t touch the default settings. They will wonder why so many registrations get stuck or why mails don’t seem to get delivered at all, because Google throttled the delivery after a php bulk mail without proper authentication. Right now, the IPS description calls the option “sufficient for most sites”, but this might be worth reconsidering. And that was the point of this topic. I’m not making a claim about how this could be addressed. Maybe it can be reliably addressed directly in the code, maybe not. Maybe the onboarding process should instantly ask for SMTP details. Maybe it can be helped indirectly with things like allowing different services for transactional and bulk mails. All I tried was raising awareness for this issue, because I see it happening all the time and I see it getting worse. 

[Jim M]

16 minutes ago, opentype said:

To be clear: I specifically chose the feedback forum, not one of support forums, because this was meant as a feedback topic, not a “I am looking for help/instructions for my site(s)” topic. 

Regardless of where you post, this does not give you the right to attack a fellow client who wants to help you. Please always be courteous and respectful of others. 

17 minutes ago, opentype said:

They will wonder why so many registrations get stuck or why mails don’t seem to get delivered at all, because Google throttled the delivery after a php bulk mail without proper authentication. Right now, the IPS description calls the option “sufficient for most sites”, but this might be worth reconsidering.

Think you're looking here for a software solution to an email / hosting provider problem. We can look into adding some alerts, troubleshooting guides, or recommendations to talk with the hosting provider in this scenario, but this is not something we can resolve on the software-side completely as it requires email/server configuration and DNS changes.

[Richard Arch]

5 hours ago, opentype said:

Maybe it can be helped indirectly with things like allowing different services for transactional and bulk mails.

I like this idea, generally if any of our emails are going to be stopped/blocked its the bulk mail.  Our host flags our emails as suspected spam when they see the site trying to send 100s in a few seconds.  They shut our email system down suspecting we were compromised.  Although, they have got better since I keep reporting the issue to them that its a mail shot to subscribers.

If we could separate out host email system for the every day transactional emails and a 3rd party paid option for the infrequent mail shots it may give us a more robust delivery.

I'd also like to be able to add a "Reply To" address to bulk mail.