SOLVED DMARC, DKIM, SPF and MxToolbox - domain shows hundreds of thousands of unauthenticated messages

U

unco

Active Member
Jun 17, 2010
43
7
58
Southern Pines, NC
Hi Everyone,

I have a domain that began being rejected by gmail. I signed up with MxToolbox to try to troubleshoot the problem. What we know is that the messages are not going through the server here. They are allegedly going out of a server in Singapore. I'm really trying to figure out how this is happening! I tried to send email to the abuse admin at the domain, and it bounced with a no such user message. I sent to hostmaster account next & am waiting to see...

I have DKIM keys set up in cPanel. I have SPF set up with -all. DMARC is still set to policy none, but I'm wondering if, since messages are being rejected from the users anyway, should I set it to quarantine?


I ran some header analysis at MxToolbox, and they indicate :

DKIM Signature Body Hash VerifiedBody Hash Did Not Verify

This makes me think there is an error with the cPanel generated keys. Do these keys need to be copied to the DNS servers? This machine doesn't do DNS. When a recipient's server is checking DKIM keys, they are looking at the message header, but do they expect to find the public key on the DNS server someplace?

There's so much that could be wrong, so I'm wondering if anyone has any ideas about what to do, or are there any good consultants that could help out?

Thanks,
B
 

Attachments

cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,309
363
Houston
From what I understand mxtoolbox's body hash verification has a bug. You can see this discussed in a few places:

www.axigen.com

DKIM Body Hash Did Not Verify

I have configured DKIM as suggested somewhere in the forums where I set the key path, selector and Sign. The message is signed but it seems it is modified when received. I get the header from the received message and I analyze it on mxtoolbox.com and I get a message for DKIM verification: Body...
www.axigen.com www.axigen.com
github.com

DKIM Body Hash Did Not Verify · Issue #252 · Pro/dkim-exchange

Versions Windows Server Version: 2019 Exchange Version: 2016 CU10 Installed DKIM Exchange Version: 3.1.0 Description DKIM Body Hash Did Not Verify I am not an expert. And I can't figure out why thi...
github.com github.com

In that second link it's noted that the issue with it is resolved but the first link is another report of it being buggy again recently.

Have you tried using a different DKIM validator?
 
U

unco

Active Member
Jun 17, 2010
43
7
58
Southern Pines, NC
Thanks for the reply! I appreciate it. I have tried a few validators, and it seems to bear out your point that MX Toolbox has some buggy stuff. Do you have any recommendations for ongoing monitoring?

I submitted a request to google, begging for them to help. I'll let you know what happens with that.

Thanks for taking the time to help.

Beth
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,309
363
Houston
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
verdon Best practice for DMARC, DKIM, and SPF when hosting DNS and web, but email is at gsuite Email 1
A Email goes to spam even with valid SPF, DKIM and DMARC records, dynamic rDNS on AWS instance Email 1
M SPF, DKIM and DMARC all set but dmarc-reports keep saying the opposite Email 21
C Confusion about DKIM, SPF, DMARC for addon domains and relationship with associated subdomain Email 1
K SOLVED Emails are going to spam despite SPF, DMARC, DKIM Email 12
Similar threads
Best practice for DMARC, DKIM, and SPF when hosting DNS and web, but email is at gsuite
Email goes to spam even with valid SPF, DKIM and DMARC records, dynamic rDNS on AWS instance
SPF, DKIM and DMARC all set but dmarc-reports keep saying the opposite
Confusion about DKIM, SPF, DMARC for addon domains and relationship with associated subdomain
SOLVED Emails are going to spam despite SPF, DMARC, DKIM
Top Bottom