No DKIM-Signature header found

#1

Hello!

I’ve set up DKIM following the steps in the tutorial, copied the value from Account Manager > DKIM Keys/DNS Management, removed the “” (as the domain’s on Cloudflare), however MXtoolbox is reporting “No DKIM-Signature header found”. SPF & DMARC are working correctly.
This is the Cloudflare DNS entry:
dns7

Thank you!

#3

Ah the exim update needed a change in syntax on the outbound transport. Fixed, sorry about that.

#2

Your SPF record is incorrect.

It should be:

v=spf1 include:mxlogin.com -all

Do not copy the records from Direct Admin - the ONLY record to be taken from that page is the SPF record! Refer to the email you received when you purchased your MXroute plan.

MXToolbox is not that reliable for testing DKIM. Instead go to https://mail-tester.com and send an email to the address that they provide. If THAT says that your DKIM is invalid, please give the test results link for more guidance.

#4

Thanks,

After changing SPF to v=spf1 include:mxlogin.com -all, Gmail marks the email as Phishing/Spam:
spf2
With a SPF hard fail:
spf

Shall I revert to the previous SPF? I’d love to use the welcome email values, but we never received it for this account.

On the other hand, Mail-Tester is also failing DKIM:
dkim1

Thanks!

#6

Hello,

No, I’ve sent an email to a Gmail account so I could quickly look at the original message, where they indicate SPF, DKIM etc status.

Thanks

#5

That screenshot showing the failure is from a Google IP. Are you sure you’re sending these emails through our SMTP? We wouldn’t send from a Google IP.

If you’re using Google to forward emails, SPF could fail in such a fashion because Google doesn’t properly support SRS. That’s really a Google problem if so, and not something you should be trying to mitigate with your SPF (you can’t include everyone as a valid sender just to appease poorly configured mail servers at the expense of your security and deliverability).

Reference to what SRS means: https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme

#7

If you sent an email to Gmail from our system and they determined SPF failure based on the IP 209.85.220.69 (and no forwarding was involved), we’ll have to assume that Google’s system is broken and has begun testing SPF against it’s own IPs for no legitimate reason. Unfortunate and I haven’t seen it, but that’s the only reasonable conclusion.

I don’t see a reason for any emails leaving our server to not be signed with DKIM at this stage. If you’d like me to test, message me which domain it is on chat.mxroute.com (uses portal.mxroute.com login) and I’ll create a test email account.