DKIM Signature Invalid on mail-tester.com – CyberPanel [SOLUTION]
General fix: [SOLUTION]
No matter whether your domain is hosted on Cloudflare, GoDaddy, etc. this will work on all.
Quick fix (change TTL of default._domainkey to 600 seconds or less.)default._domainkey
is a DKIM TXT record value.
I’m using
- DigitalOcean Droplet
- CyberPanel
- Rainloop Mailbox (comes with CyberPanel)
- Domain hosted in GoDaddy
DKIM signature invalid
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
CyberPanel shows:
default._domainkey.domain.com – Copy the value and later we’ll modify it.

"v=DKIM1; h=sha256; k=rsa; " “p=CIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp5UWF8v6qt25/GZIVc7ZbJg4IyiCNLqB1Y5zguBCcl5/I65mGMJaWVsN88a4vS5pMkSVQD+zZDylb5QewVWLYY27uJb2XGo8iJ2b+OiB2Ruf3OrhiU7IanGerh58E+h5hTxHc/wigCJJ0UgLh00aDS42YY4klhzqunoa1Tt2bY2Z4+m8xTmzLk9ryEZMtXXxnN3Wm6aBDMyCC” “NyutbF1ts25sjuRJZM12WFCNr1gQQ5JtR3XNgL1iP2hwMaQKbvayoNAuZpl6Fvosw4VCqcchYy+1zavm+G+WyoutUTkzcdu7CTC1G4iXSR51mD1hAqnmJJTyaksw+JzeNpIIoPYQIDAQAC”
Don’t remove all quotations (“”)
Remove only 4 quotations.
e.g and the final result must be like the below.
v=DKIM1; h=sha256;
k=rsa;
p=CIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp5UWF8v6qt25/GZIVc7ZbJg4IyiCNLqB1Y5zguBCcl5/I65mGMJaWVsN88a4vS5pMkSVQD+zZDylb5QewVWLYY27uJb2XGo8iJ2b+OiB2Ruf3OrhiU7IanGerh58E+h5hTxHc/wigCJJ0UgLh00aDS42YY4klhzqunoa1Tt2bY2Z4+m8xTmzLk9ryEZMtXXxnN3Wm6aBDMyCC" "NyutbF1ts25sjuRJZM12WFCNr1gQQ5JtR3XNgL1iP2hwMaQKbvayoNAuZpl6Fvosw4VCqcchYy+1zavm+G+WyoutUTkzcdu7CTC1G4iXSR51mD1hAqnmJJTyaksw+JzeNpIIoPYQIDAQAC
remove quotation before v=DKIM1
remove quotation after k=rsa;
remove quotation before p=
remove the last quotation.
Don’t remove any quotation inside p=
and then add that record in txt default._domainkey
by default TTL will be 1 Hour. ALERT!
change TTL of default._domainkey to 600 seconds.
and then test again mail with mail-tester_com and am sure this time the error fixed. If the error is fixed then again change the TTL of default._domainkey to 1 Hour.
Start Testing – Pick an email from email-tester.com
goto to the website mail-tester.com and pick the email.

Send an email to the mail you pick from email-tester.com

Start Test

The response is: DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

Now change the TTL value
Set TTL of default._domainkey to 600 seconds. Later I’ll set again it to 1 Hour.


After changing the TTL value, go to mail-tester.com and reload the page. this time a new mail was generated. Copy the mail and again send an email through your server.
Finally

Now again change the TTL value to default or 1 Hour (36000 seconds).
Furthur How to Create a reverse DNS record?
Reverse Domain Name Service (DNS) records are essential for those running a mail server because many recipient servers reject, or mark as spam, all email that originates from an unauthenticated server. As am using DigitalOcean so, I can share the specific details.
The Reverse DNS has configured automatically from our end based on the droplet’s hostname.

PTR records
You have no PTR records.
DigitalOcean will automatically create a PTR record for a server when you rename the host Droplet to the fully qualified domain name of a domain you are managing on your account.
To check Mail Health visit https://mxtoolbox.com/domain/

This mxtoolbox.com
tool will help you with regarding Reverse DNS (PTR Records).
I hope this article is helpful.