The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DMARC reports showing DKIM fail from Google, Yahoo, AOL, LinkedIn and Comcast

Discussion in 'E-mail Discussions' started by dld, Jan 31, 2016.

  1. dld

    dld Member

    Joined:
    Apr 18, 2006
    Messages:
    7
    Likes Received:
    2
    Trophy Points:
    3
    I've been trying for weeks now to get my SPF and DKIM setup and working properly for full DMARC compliance.

    SPF is now working correctly in all cases (except for occasional forwards). Woohoo!

    However, DKIM continues to fail in all cases.

    Since DMARC only requires SPF or DKIM to produce a "pass" result, that's okay most of the time.

    On the other hand, since there are occasional SPF fail as well with forwards, I really want to get DKIM into the "pass" column ASAP.

    In each case, the reports I get from Google, Yahoo, AOL, LinkedIn, and Comcast all show "pass" under SPF with the detected domain being listed correctly in the report from each email vendor.

    Also in each case, the report shows "fail" under DKIM with the detected domain being listed as "none" in all cases.

    When I test DKIM at mxtoolbox.com, it successfully returns my DKIM settings and does not report any issues.

    When I test DKIM by sending a test email to check-auth@verifier.port25.com I get a report back that says SPF is "pass" while DKIM is "neutral".

    When I use appmaildev.com to request a test, it again reports SPF is working fine, but for DKIM it says, "DKIM result: none (no signature)".

    Anyone know what's going on and how to fix this?
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,279
    Likes Received:
    36
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    If it's a 2048-bit or larger key, you might have problems with how it is entered in the DNS zone file. Are the authoritative nameservers for the domains in question the nameserver(s) configured in your WHM (your local server). Or are the DNS zones external (on some other nameservers, or at GoDaddy, NetSol, Enom, etc)?

    If you are using 2048-bit or larger keys you are going to have to make sure that they are in the DNS zone correctly. The key length is too long for the TXT record field and ends up needing to be split up.

    Mike
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page