A few weeks ago, a former client contacted me, reporting issues with their DKIM signature. The client was receiving sender authentication errors with the DKIM signature they had set up on their domain.
The client had recently switched to a new email service provider (ESP) and domain, and wanted me to resolve the issue before they started a major email marketing campaign.
I agreed to help the client for a small fee, of course.
I performed the following steps to start troubleshooting the issue:
- Verified the DKIM signature TXT record was set up correctly on the hosting service
- Sent a test email from the ESP to my test Gmail and Outlook accounts
- Verified the DKIM signature is passing in the email header
Interestingly, the DKIM signature for the hosting service passed. However, the DKIM signature for the ESP was missing from the email header. This indicated that the ESP’s DKIM key wasn’t being used for the email signing.
From my experience with this particular ESP, you need to set up a separate DKIM TXT record for the ESP, in addition to the one for the hosting service. This allows the ESP to sign emails with its own DKIM key.
Side Note: Please consult with your ESP to see whether you need to add an additional TXT record for your ESP DKIM signature, and to get the correct settings.
I consulted with the ESP for the correct DNS settings for the ESP DKIM signature. After ensuring the proper settings were in place, I waited 24 hours for the DNS settings to propagate. The actual wait depends on the record's time-to-live (TTL) setting, which varies.
After propagation was complete, I sent another email through the ESP to verify that both DKIM signatures were present in the email header. Both DKIM signatures passed, and the client’s sender authentication check passed.
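The header check from the steps above, as an added example rather than the tooling used on this job: it reports which expected DKIM signatures a received message carries and what the receiving server concluded about each. The domain, selectors and authserv-id are constructed, and it assumes both signatures use the client's domain with different selectors.

```python
import re
from email import message_from_string

def dkim_report(raw_message, expected, authserv_id):
    """Map each expected (domain, selector) pair to a verdict or 'missing'."""
    msg = message_from_string(raw_message)

    # (d=, s=) pairs actually present in DKIM-Signature headers.
    present = set()
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            key, sep, val = part.partition("=")
            if sep:
                tags[key.strip().lower()] = "".join(val.split()).lower()
        present.add((tags.get("d"), tags.get("s")))

    # Verdicts, trusting only the Authentication-Results header stamped by our
    # own receiver (authserv_id); any other copy may have been forged upstream.
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        if server.strip().lower() != authserv_id.lower():
            continue
        for m in re.finditer(r"dkim=(\w+)([^;]*)", results):
            props = m.group(2)
            d = (re.search(r"header\.d=(\S+)", props)
                 or re.search(r"header\.i=[^\s@]*@(\S+)", props))
            s = re.search(r"header\.s=(\S+)", props)
            if d:
                sel = s.group(1).lower() if s else None
                verdicts[(d.group(1).lower(), sel)] = m.group(1).lower()

    # "unverified" = signature present, but no trusted verdict mentions it.
    report = {}
    for domain, selector in expected:
        key = (domain.lower(), selector.lower())
        report[key] = "missing" if key not in present else (
            verdicts.get(key) or verdicts.get((key[0], None)) or "unverified")
    return report

# Constructed sample messages (domain, selectors, authserv-id are made up).
EXPECTED = [("client.example", "default"), ("client.example", "esp1")]
AR = "Authentication-Results: mx.receiver.example;\n"
SIG = "DKIM-Signature: v=1; a=rsa-sha256; d=client.example; s=%s; b=AAAA\n"
HOST = " dkim=pass header.i=@client.example header.s=default"
BEFORE = AR + HOST + "\n" + SIG % "default" + "Subject: test\n\nbody\n"
AFTER = (AR + HOST + ";\n dkim=pass header.d=client.example header.s=esp1\n"
         + SIG % "default" + SIG % "esp1" + "Subject: test\n\nbody\n")
```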
In conclusion, if you are using an ESP, please verify whether an additional TXT record is required for the ESP DKIM signature, ensure all DNS settings are correct, and allow sufficient time for the DNS to propagate fully.
Thanks for listening,
Ivan Hurt, Email Developer