DKIM does not work
Problem reported by Morris - 7/2/2020 at 7:42 PM
Hi, we encounter a problem.

DKIM is correctly configured. And DNS test on webmail is successful. But all outgoing mail are still not signed with DKIM. Mails are showing DKIM failded on Gmail and other providers.

We upgraded to SmarterMail Professional Edition Version 15.7.6970, but the issue still exists. It's very critical.

Hope to get support. Thanks.

10 Replies

Reply to Thread
Douglas Foster Replied
Urgent issues should be handled with Support tickets.

I have been using DKIM signing in SM for a long time, and it works for me.

You may need to check your DNS entry to see if the scope ID is correct or if something else is wrong.
Signature keys over 1024 bits require a multi-segment DNS entry to handle the whole key.   This is more secure but may be trickier to implement correctly 

You can check DKIM at this site.   You send a message to a special address, then they display the analysis.

The main reason for enabling DKIM is to enable DMARC policy.   You should use DMARC in test mode (p=none) until this type of testing is complete.   If Google is blocking you and you do not have a DMARC enforcement policy, then you are probably being blocked for another reason.

MXToolbox.com is a great tool for monitoring your domain and IP reputation.   Basic accounts are free.

Morris Replied

Thanks for your reply.

Actually, we successfully configured hundreds of mail domains on SM for our clients in the past years. We've set all necessary records, MX, SPF, DMARC, DKIM and rDNS. We tested some online tools, including mxtoolbox. This is the only case we meet in years that DKIM does not work. It's so strange.

That's why we seek answers here.
Vasco Antonio Replied
To: all including SmarterMail

All existent Domains work very well except the company domain DKIM signature. Below the third party analysis:

 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
I have generated dozen of signatures and always same result.
Vasco Antonio Replied
To: All

I didn't have any answers from my previous post, however everything was sorted and works amazingly well.
The problem was the block-size in DNS TXT records on Windows Server 2016.
Maximum size is 250 characters, so you have add double quotes inclosing the whole string and a CR-LF every less than 250 chars on the DKIM record.
"v=DKIM1; k=rsa; p=...................................."

Pan tigon Replied
@Morris, I have also reported the same issue before, but it still hasn't been fixed.
S M Replied
Can one of you who has successfully configured DKIM, SPF, DMARC, kindly share the link for a step-by-step instructions on configuring the same. I tried multiple times what was explained in this post https://www.smartertools.com/blog/2019/04/09-understanding-spf-dkim-dmarc but I keep getting my email flagged as spam in Gmail and also shows DKIM as failed. 
Douglas Foster Replied
Did you test using mxtoolbox and dkimvalidator?  What are your results?
S M Replied
I did check the MXToolbox and dkimvalidator on the website https://www.dmarcanalyzer.com and the message I get is "This seems to be a valid DKIM Record"

but when the email comes into gmail it gets sent to Spam and when I check the header it has "
DKIM:'FAIL' with domain xxx.com - with xxx being our domain

I have not setup Reverse DNS entries and not sure if that is an issue
Robert Emmett Replied
Employee Post
Subraya, I recommend that you open a support ticket. We have a DKIM logging build that you can install that will help track down why the DKIM signing message is failing verification.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
S M Replied
Thanks Robert. Let me do that.

Reply to Thread