Message not signed with DKIM, domains are not aligned can't check DMARC

GoWilkes

Well-Known Member
Sep 26, 2006
554
21
168
cPanel Access Level
Root Administrator
I'm checking out my email deliverability with mail-tester.com, and I'm having 2 errors that confuse me. I'm hoping you guys and gals can help me track this down.

I used a parked domain to send emails; so the account is set up for example.co (not .com, but .co) and now I own example.net. So I parked it on top of example.co, and send emails through [email protected].

The errors I'm getting:

Your message is not signed with DKIM

But looking at the DNS records for example.net, I do have default._domainkey.example.net. :

Code:
v=DKIM1; k=rsa; p=[random code];

Your domains are not aligned. We can't check DMARC

Before using DMARC, you should make sure the domains used in the Envelope From (e.g., Return-Path or Mail-From), the "Friendly" From (i.e., "Header" From) and the d=domain in the DKIM-Signature are the same

Verification details:
  • mail-tester.com; dmarc=none header.from=example.net
  • From Domain: example.net
  • DKIM Domain: example.co

and I have _dmarc.examle.net. :

Code:
v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=1;rf=afrf;ri=86400;rua=mailto:[email protected];ruf=mailto:[email protected]
Do I need to change something to make these work properly?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,981
378
213
cPanel Access Level
Root Administrator
Hey hey!

Although the DNS records may be present on the server, are we sure they are loaded and propagating well? When this happens, I like to check the zone file itself to see if there are any problems that could be keeping things from loading. You can do that with the following command:

Code:
named-checkzone domain.com /var/named/domain.com.db
Can you try that and see if that gets you more details?
 

GoWilkes

Well-Known Member
Sep 26, 2006
554
21
168
cPanel Access Level
Root Administrator
You know, when I read that, I hear Krusty the Clown in my head :-p LOL

Can you try that and see if that gets you more details?
The results seem OK:

Code:
# named-checkzone example.co /var/named/example.co.db
zone example.co/IN: loaded serial 2020062900
OK

# named-checkzone example.net /var/named/example.net.db
zone example.net/IN: loaded serial 2020120900
OK
Any other thoughts?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,981
378
213
cPanel Access Level
Root Administrator
I don't have much else to go on for this one without seeing the actual domain name and DNS records being used. It might be best to put in a ticket for this issue so we can test it live. If you do that, let me know the number here so I can keep the community updated with the results.