DKIM signature invalid

DKIM Signature Invalid on mail-tester.com – CyberPanel [SOLUTION]

General fix: [SOLUTION]
This works no matter where your domain is hosted (Cloudflare, GoDaddy, etc.).
Quick fix: change the TTL of default._domainkey to 600 seconds or less.
default._domainkey is the name of the DKIM TXT record.

I’m using

  • DigitalOcean Droplet
  • CyberPanel
  • Rainloop Mailbox (comes with CyberPanel)
  • Domain hosted in GoDaddy

DKIM signature invalid

DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

CyberPanel shows:
default._domainkey.domain.com – Copy the value and later we’ll modify it.

Copy the TXT value of the default._domainkey DKIM record.
"v=DKIM1; h=sha256; k=rsa; " "p=CIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp5UWF8v6qt25/GZIVc7ZbJg4IyiCNLqB1Y5zguBCcl5/I65mGMJaWVsN88a4vS5pMkSVQD+zZDylb5QewVWLYY27uJb2XGo8iJ2b+OiB2Ruf3OrhiU7IanGerh58E+h5hTxHc/wigCJJ0UgLh00aDS42YY4klhzqunoa1Tt2bY2Z4+m8xTmzLk9ryEZMtXXxnN3Wm6aBDMyCC" "NyutbF1ts25sjuRJZM12WFCNr1gQQ5JtR3XNgL1iP2hwMaQKbvayoNAuZpl6Fvosw4VCqcchYy+1zavm+G+WyoutUTkzcdu7CTC1G4iXSR51mD1hAqnmJJTyaksw+JzeNpIIoPYQIDAQAC"

Don’t remove all the quotation marks ("").
Remove only 4 of them.
The final result must look like the value below.

v=DKIM1; h=sha256; 
k=rsa; 
p=CIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp5UWF8v6qt25/GZIVc7ZbJg4IyiCNLqB1Y5zguBCcl5/I65mGMJaWVsN88a4vS5pMkSVQD+zZDylb5QewVWLYY27uJb2XGo8iJ2b+OiB2Ruf3OrhiU7IanGerh58E+h5hTxHc/wigCJJ0UgLh00aDS42YY4klhzqunoa1Tt2bY2Z4+m8xTmzLk9ryEZMtXXxnN3Wm6aBDMyCC" "NyutbF1ts25sjuRJZM12WFCNr1gQQ5JtR3XNgL1iP2hwMaQKbvayoNAuZpl6Fvosw4VCqcchYy+1zavm+G+WyoutUTkzcdu7CTC1G4iXSR51mD1hAqnmJJTyaksw+JzeNpIIoPYQIDAQAC

Remove the quotation mark before v=DKIM1.
Remove the quotation mark after k=rsa;
Remove the quotation mark before p=
Remove the last quotation mark.
Don’t remove any quotation mark inside p=

Then add that value to the default._domainkey TXT record.
By default the TTL will be 1 Hour. ALERT!
Change the TTL of default._domainkey to 600 seconds.

Then test the mail again with mail-tester.com; I am sure the error will be fixed this time. Once the error is fixed, change the TTL of default._domainkey back to 1 Hour.
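
Before sending the next test mail, it helps to check what the DNS actually returns for default._domainkey. The Python script below is an added example, not part of the original article: it parses one answer line as printed by `dig +noall +answer TXT default._domainkey.<your domain>`, joins the quoted chunks the way a verifier does, and reports the TTL and whether p= is clean base64. The function name `parse_dig_txt`, the domain example.com and the truncated p= value in the sample lines are assumptions made up for the example.

```python
import base64
import binascii
import re

# Constructed samples in `dig +noall +answer` format. example.com and the
# truncated p= value are placeholders, not a real domain key.
SAMPLE_OK = ('default._domainkey.example.com. 600 IN TXT "v=DKIM1; h=sha256; k=rsa; " '
             '"p=MIIBIjANBgkqhkiG9w0BAQEFAAOC" "AQ8AMIIBCgKCAQEA"')
# Constructed failure case: literal quote characters ended up inside the value.
SAMPLE_BAD = ('default._domainkey.example.com. 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; '
              'p=MIIBIjANBgkqhkiG9w0BAQEFAAOC\\" \\"AQ8AMIIBCgKCAQEA"')


def parse_dig_txt(line):
    """Return TTL, DKIM tags and a list of problems for one TXT answer line."""
    m = re.match(r'\S+\s+(\d+)\s+IN\s+TXT\s+(.*)$', line.strip())
    if not m:
        raise ValueError("not a TXT answer line")
    ttl = int(m.group(1))
    # Each "..." is one DNS character-string (max 255 bytes). A verifier sees
    # the strings concatenated with nothing between them.
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(2))
    # dig prints a quote or semicolon that is part of the data as \" or \;
    value = "".join(re.sub(r'\\(.)', r'\1', c) for c in chunks)
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = val.strip()
    problems = []
    if tags.get("v") != "DKIM1":
        problems.append("v= missing or not DKIM1")
    p = re.sub(r"\s+", "", tags.get("p", ""))  # whitespace inside p= is ignored
    if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", p):
        problems.append("p= is empty or contains non-base64 characters")
    else:
        try:
            der = base64.b64decode(p, validate=True)
            if der[:1] != b"\x30":  # a public key starts with a DER SEQUENCE
                problems.append("p= does not decode to a DER SEQUENCE")
        except binascii.Error:
            problems.append("p= is not valid base64")
    return {"ttl": ttl, "tags": tags, "problems": problems}


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        result = parse_dig_txt(sample)
        print(result["ttl"], result["problems"] or "record looks well-formed")
```

An empty problem list only means the record is well-formed; whether the signature verifies still depends on the key matching the one the server signs with.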

Start Testing – Pick an email address from mail-tester.com

Go to the website mail-tester.com and pick the email address.

Send an email to the address you picked from mail-tester.com

Start Test

Result: Your DKIM signature is not valid.

The response is: DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

Now change the TTL value

Set the TTL of default._domainkey to 600 seconds. Later I’ll set it back to 1 Hour.

Save the changes. (The double quotation marks still exist inside p=.)

After changing the TTL value, go to mail-tester.com and reload the page. This time a new address is generated. Copy it and send an email through your server again.

Finally

Now again change the TTL value to default or 1 Hour (36000 seconds).

Further: How to create a reverse DNS record?

Reverse Domain Name Service (DNS) records are essential for those running a mail server because many recipient servers reject, or mark as spam, all email that originates from an unauthenticated server. As I am using DigitalOcean, I can share the specific details.

The reverse DNS is configured automatically from our end based on the droplet’s hostname.

Create a reverse DNS record in DigitalOcean.

PTR records
You have no PTR records.
DigitalOcean will automatically create a PTR record for a server when you rename the host Droplet to the fully qualified domain name of a domain you are managing on your account.

To check Mail Health visit https://mxtoolbox.com/domain/

Reverse DNS Resolution – No PTR Record found.

This mxtoolbox.com tool will help you with Reverse DNS (PTR records).

I hope this article is helpful.
