So what is DKIM?

From www.dkim.org:

DKIM allows an organization to take responsibility for a message in a way that can be verified by a recipient. The organization can be a direct handler of the message, such as the author's, the originating sending site's, or an intermediary's along the transit path. However, it can also be an indirect handler, such as an independent service that is providing assistance to a direct handler. DKIM defines a domain-level digital signature authentication framework for email through the use of public-key cryptography and using the domain name service as its key server technology [RFC4871]. It permits verification of the signer of a message, as well as the integrity of its contents. DKIM will also provide a mechanism that permits potential email signers to publish information about their email signing practices; this will permit email receivers to make additional assessments of unsigned messages. DKIM's authentication of email identity can assist in the global control of "spam" and "phishing".

DKIM is a tool that can be used, alongside other mail security technologies, to boost the trust in a given message.

How the plugin works

This plugin lets Moodle administrators add domain key entries into Moodle for outgoing mail they want signed with a  DKIM signature.

Let's take the fictional institution - Unseen University (UU).

UU have a Moodle instance, hosted with a 3rd party, this lives at the (fake) domain: moodle.uu.example

Their Moodle is integrated to their CAS portal, and has their user accounts synced across from it. So users in Moodle have uu.example email addresses (such as student1@uu.example). When this Moodle sends that user an email, it's able to attach a signature to the message that makes it possible for a student's mail client to verify that parts of the email are verified as valid according to the client domain.

The phpmailer library included in Moodle signs the From, To and Subject headers (and the Date header in Moodle 3.2+) and the message body.

Where can you set it up

You can find the configuration pages for DKIM in Open LMS Enterprise under:

Site administration / ► Plugins / ► Local plugins / ► DomainKeys Identified Mail

From there, you can enable or disable the feature outright, and at a minimum, the following pieces of info are required to setup a DKIM entry for any given domain:

  • the domain to sign for (i.e. "moodle.uu.example")
  • the selector to use on that domain
  • the private key associated with the domain and selector
  • the passphrase that goes with the private key (only required when the key has a passphrase)

Once configured, mail that Moodle is sending "From" that domain will get a DKIM signature from the matching entry you added.