Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

You're Not Fully Authenticated DKIM issue

Discussion in 'E-mail Discussion' started by fullfatdesigns, May 5, 2018.

  1. fullfatdesigns

    fullfatdesigns Well-Known Member

    Joined:
    Aug 1, 2014
    Messages:
    47
    Likes Received:
    6
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi

    I've got client who's emails we think are getting lost in peoples SPAM folder, so I asked her to send it to mail-tester.com to test it. It scored a 9/10 with the message;

    You're not fully authenticated
    We were not able to check your DKIM signature

    So I added the following to domain zone;
    _dmarc TXT and I thought (v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400), but just re-checking now, it just has the v=DMARC1 part)

    After re-checking on mail-tester it scored 6.7/10, with the message;

    You're not fully authenticated
    Your message failed the DMARC verification

    A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC.

    You are not allowed to send a message with this address

    DMARC DNS entry found for the domain _dmarc.example.co.uk:

    "v=DMARC1"


    Verification details:

    mail-tester.com; dkim=pass (2048-bit key; unprotected) header.d=example.co.uk header.i=@example.co.uk header.b=kywEEQrq; dkim-atps=neutral
    mail-tester.com; dmarc=permerror header.from=example.co.uk
    mail-tester.com; dkim=pass (2048-bit key; unprotected) header.d=example.co.uk header.i=@example.co.uk header.b=kywEEQrq; dkim-atps=neutral
    From Domain: example.co.uk
    DKIM Domain: example.co.uk


    I noticed other TXT records where is speech marks, should I have entered;

    "v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400"

    Or something else? Or am I doing this incorrectly?

    Regards
    Wayne
     
    #1 fullfatdesigns, May 5, 2018
    Last edited by a moderator: May 5, 2018
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,758
    Likes Received:
    79
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    You have problem in DKIM record. Try resetting the DKIM record for the domain through the modify account section.
     
  3. fullfatdesigns

    fullfatdesigns Well-Known Member

    Joined:
    Aug 1, 2014
    Messages:
    47
    Likes Received:
    6
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi

    Thanks for the reply. I resaved in the modify account section and re-added the original DKIM record in speech marks and on re-testing, the score was 9.7. I'm getting the message;
    Code:
    SpamAssassin thinks you can improve
    -0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
    This negative score will become positive if the signature is validated. See immediately below.
    0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    Great! Your signature is valid
    0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
    Great! Your signature is valid and it's coming from your domain name
    -0.001 HTML_MESSAGE HTML included in message
    No worry, that's expected if you send HTML emails
    -0.363 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS
    0.001 SPF_PASS SPF: sender matches SPF record
    Great! Your SPF is valid
    -0.01 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
    
    
    I think if I get these final bits sorted I should get a 10/10. But I'm not sure what to change to achieve these. Does anyone have any suggestions?

    Regards
    Wayne
     
    #3 fullfatdesigns, May 5, 2018
    Last edited by a moderator: May 5, 2018
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    836
    Likes Received:
    62
    Trophy Points:
    103
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Looking at the score report from mail-tester it doesn't appear any of the issues are related to DKIM:

    The negative score here:

    Is canceled out by the positives here as indicated in the message:
    The only negative you're getting is because of the following:

     
    linux4me2 likes this.
  5. fullfatdesigns

    fullfatdesigns Well-Known Member

    Joined:
    Aug 1, 2014
    Messages:
    47
    Likes Received:
    6
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Yes, thank you.

    The rDNS is the biggest down score. I will contact my host to see if they can assist.

    Thank you for your reply.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    836
    Likes Received:
    62
    Trophy Points:
    103
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @fullfatdesigns

    You're right and this is because it appears that the rDNS is dynamic - an explanation of SpamAssassin's RDNS_DYNAMIC rule is here:

    Rules/RDNS_DYNAMIC - Spamassassin Wiki

    It is expecting a static allocation (meaning the IP doesn't change) - Your provider would most likely be the one that can address this.

    Thanks!
     
Loading...

Share This Page