SOLVED DMARC, DKIM, SPF and MxToolbox - domain shows hundreds of thousands of unauthenticated messages

unco

Active Member
Jun 17, 2010
35
6
58
Southern Pines, NC
Hi Everyone,

I have a domain that began being rejected by gmail. I signed up with MxToolbox to try to troubleshoot the problem. What we know is that the messages are not going through the server here. They are allegedly going out of a server in Singapore. I'm really trying to figure out how this is happening! I tried to send email to the abuse admin at the domain, and it bounced with a no such user message. I sent to hostmaster account next & am waiting to see...

I have DKIM keys set up in cPanel. I have SPF set up with -all. DMARC is still set to policy none, but I'm wondering if, since messages are being rejected from the users anyway, should I set it to quarantine?


I ran some header analysis at MxToolbox, and they indicate :

DKIM Signature Body Hash VerifiedBody Hash Did Not Verify

This makes me think there is an error with the cPanel generated keys. Do these keys need to be copied to the DNS servers? This machine doesn't do DNS. When a recipient's server is checking DKIM keys, they are looking at the message header, but do they expect to find the public key on the DNS server someplace?

There's so much that could be wrong, so I'm wondering if anyone has any ideas about what to do, or are there any good consultants that could help out?

Thanks,
B
 

Attachments

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
From what I understand mxtoolbox's body hash verification has a bug. You can see this discussed in a few places:


In that second link it's noted that the issue with it is resolved but the first link is another report of it being buggy again recently.

Have you tried using a different DKIM validator?
 

unco

Active Member
Jun 17, 2010
35
6
58
Southern Pines, NC
Thanks for the reply! I appreciate it. I have tried a few validators, and it seems to bear out your point that MX Toolbox has some buggy stuff. Do you have any recommendations for ongoing monitoring?

I submitted a request to google, begging for them to help. I'll let you know what happens with that.

Thanks for taking the time to help.

Beth
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston