DKIM FAIL with domain null in GMail
I'm getting a DKIM: FAIL with domain null
error in GMail. When I go to See Original in GMail, I get dkim=fail [email protected];
.
In my DNS I have the following TXT Records:
DMARC TXT Entry: _dmarc v=DMARC1;p=reject;sp=reject;rf=afrf;pct=100;ruf=mailto:[email protected];rua=mailto:[email protected];ri=86400
SPF TXT Entry: example.com
v=spf1 +a +mx +ip4:70.xxx.xxx.xxx +ip4:71.xxx.xxx.xxx +ip4:72.xxx.xxx.xxx ~all
DKIM TXT Entry: _default._domainkey
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/HYr74H9Ty6HjTpjawYIfiDa7kOPx+0GJiw4rw7IYkfvrfrLojmGLuS4lg3NbIqYmLg9Ziz77q9vVT15ftrFB1+lTz6+Ei19b6AM8FGCJoDWRHRwB+YN0InJaFs/kPfy1SktqQI8TntPNfH2+tTOUrIT1gi8fjwSnfSkUsbNuSpIp3XrAU6pYzEjXF2h1A3UMFV+7+jLRzEvunj2YCsJ3vaifTihat+Nsw7eP5L2iAzW8b0joP3z6k/UkhUa7/35oNC4Xn1dY532irsBunMJz9QsBxIaNpepiZZkTxfglsq2RP4FWGZbiVFRDDcvsnpi4kFx3eAQtAoo+szLA70FQIDAQAB
I tested my records via https://www.mail-tester.com/spf-dkim-check and http://dkimcore.org/tools/keycheck.html and it all checks out. Public Key is 2048-bit. I read the GMail was failing DKIM with smaller keys.
I also tested it with http://unlocktheinbox.com and at the DKIM Validation Check it says:
Signature Found: Yes
SmarterMail DKIM Test: Failed - Bad Signature
MailBee.NET DKIM Test: Failed - SignatureInvalid
GMail doesn't seem to have any issues with my SPF and DMARC. Here's the authentication-results for those:
spf=pass (google.com: domain of [email protected] designates 70.xxx.xxx.xxx as permitted sender) [email protected];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
My emails are hosted/sent from http://inmotionhosting.com. My DNS is at CloudFlare.
What am I doing wrong or missing here?
Thanks!
Solution 1:
Check the DKIM signature in the header. The diagnostic messages seem to indicate that the domain field (d=) is empty or missing. Ensure you are supplying your domain when you sign the emails. The DKIM header should look something like the following:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=example.com; s=201602; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Date:Message-ID:Subject:From:To; bh=GUIz2zzhMS1zh+o3BSEHOEq5KPzYRRlG+wqnc7+1vNM=; b=Q0LXbOPly2f1Ns6kpuS5e6dykT mefOZ8WX5tzNR0jD4Mqttg9IDutAE25M3FR+1UXcnakHCIsj+ELuoqafHvu/1av6vvAhZXMudoo/V wz3FDWwUnOroIaDPLvSR9RgBA/SHpPL9REEpCtN5WDnWDQK4P69CygrX+zbyh60aZVhE=;
Solution 2:
Try removing quotation marks from the TXT, if you have them.
That is: replace "v=DKIM1; ..."
with v=DKIM1; ...
in your TXT DNS entry.
For me, this solved the topic's error message. I used Cloudflare as DNS.
I got hang of it with https://mxtoolbox.com (dkim:example.org:mail
).
With quotation marks, the tool didn't recognize the DKIM1 "TagValue" and showed "Unknown" in the "Name" column.
But, without quotation marks, that column turned into "Version" and "Description" into "The DKIM record version."
And Gmail Show original turned into "PASS with domain example.org".