Your DKIM signature is not valid?

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,510
Points
63
Why I am getting this error testing with mail-tester.com

I have Dkim value from cPanel

Code:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYui3rfkZK6YxH2A2U0ePd8PnmWMeiZvhRSxN3sSvIq00Yz14JSrWLEW7kCPCd/rLnME4rqLetxjke46ejtu5FqhzV29QTOnDnCdnu7nBIi7S1e0EDQCbDWShPZfRDLSwDUv+jMVDp9G5yM93M70Xl6uvbbpFOIVdTQ8bIsETLOqPuad8pvIJMdcnrkD+ZQ53" VWjhIrmJEEWGCGhZgPIxtkDYc+0qKN9vnt8kyWaI58VcYJ3I+Ow+t2lzQGo1qcncHPef0yBFgLf5yNcd9tVUroIoLoseqzD9WR7bYtfIlPXeJgwa+eszD4XH1nkZA4BdJUhcB+CPWfj1uxm3Sa0ZQIDAQAB\";
I removed quotes "" around the value and submitted to Cloudflare with a TXT record with name default._domainkey

in cPanel, it is verified

DKIM is a means of verifying incoming email. It ensures that incoming messages are unmodified and are from the sender from whom they claim to be. This feature works to prevent incoming spam messages.

Status: Enabled Active (DNS Check Passed)

But mail-tester.com is saying: Your DKIM signature is not valid

How to correct this?
 

Localnode

Well-known member
Registered
Joined
Dec 15, 2015
Messages
333
Points
43
How long ago did you add it to CloudFlare?
 

Localnode

Well-known member
Registered
Joined
Dec 15, 2015
Messages
333
Points
43
How long ago did you add it to CloudFlare?
Your DKIM is this:
Code:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYui3rfkZK6YxH2A2U0ePd8PnmWMeiZvhRSxN3sSvIq00Yz14JSrWLEW7kCPCd/rLnME4rqLetxjke46ejtu5FqhzV29QTOnDnCdnu7nBIi7S1e0EDQCbDWShPZfRDLSwDUv+jMVDp9G5yM93M70Xl6uvbbpFOIVdTQ8bIsETLOqPuad8pvIJMdcnrkD+ZQ53" VWjhIrmJEEWGCGhZgPIxtkDYc+0qKN9vnt8kyWaI58VcYJ3I+Ow+t2lzQGo1qcncHPef0yBFgLf5yNcd9tVUroIoLoseqzD9WR7bYtfIlPXeJgwa+eszD4XH1nkZA4BdJUhcB+CPWfj1uxm3Sa0ZQIDAQAB\";
Change it to this:
Code:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYui3rfkZK6YxH2A2U0ePd8PnmWMeiZvhRSxN3sSvIq00Yz14JSrWLEW7kCPCd/rLnME4rqLetxjke46ejtu5FqhzV29QTOnDnCdnu7nBIi7S1e0EDQCbDWShPZfRDLSwDUv+jMVDp9G5yM93M70Xl6uvbbpFOIVdTQ8bIsETLOqPuad8pvIJMdcnrkD+ZQ53VWjhIrmJEEWGCGhZgPIxtkDYc+0qKN9vnt8kyWaI58VcYJ3I+Ow+t2lzQGo1qcncHPef0yBFgLf5yNcd9tVUroIoLoseqzD9WR7bYtfIlPXeJgwa+eszD4XH1nkZA4BdJUhcB+CPWfj1uxm3Sa0ZQIDAQAB\";
The key is broken down into multiple parts remove the " in the middle and join the string together and then add the " to the end

Also read this article: https://support.cloudflare.com/hc/en-us/articles/200168696-How-do-I-add-DKIM-records-
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,510
Points
63
How long ago did you add it to CloudFlare?
How long ago did you add it to CloudFlare?
Your DKIM is this:
Code:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYui3rfkZK6YxH2A2U0ePd8PnmWMeiZvhRSxN3sSvIq00Yz14JSrWLEW7kCPCd/rLnME4rqLetxjke46ejtu5FqhzV29QTOnDnCdnu7nBIi7S1e0EDQCbDWShPZfRDLSwDUv+jMVDp9G5yM93M70Xl6uvbbpFOIVdTQ8bIsETLOqPuad8pvIJMdcnrkD+ZQ53" VWjhIrmJEEWGCGhZgPIxtkDYc+0qKN9vnt8kyWaI58VcYJ3I+Ow+t2lzQGo1qcncHPef0yBFgLf5yNcd9tVUroIoLoseqzD9WR7bYtfIlPXeJgwa+eszD4XH1nkZA4BdJUhcB+CPWfj1uxm3Sa0ZQIDAQAB\";

I got DKIM value from cPanel.

After added on Cloudflare, my DKIM gets verified in cPanel but the problem is mail-tester.com is still saying that DKIM is not valid.
I don't know how to verify right for mail-tester.com

Change it to this:
Code:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYui3rfkZK6YxH2A2U0ePd8PnmWMeiZvhRSxN3sSvIq00Yz14JSrWLEW7kCPCd/rLnME4rqLetxjke46ejtu5FqhzV29QTOnDnCdnu7nBIi7S1e0EDQCbDWShPZfRDLSwDUv+jMVDp9G5yM93M70Xl6uvbbpFOIVdTQ8bIsETLOqPuad8pvIJMdcnrkD+ZQ53VWjhIrmJEEWGCGhZgPIxtkDYc+0qKN9vnt8kyWaI58VcYJ3I+Ow+t2lzQGo1qcncHPef0yBFgLf5yNcd9tVUroIoLoseqzD9WR7bYtfIlPXeJgwa+eszD4XH1nkZA4BdJUhcB+CPWfj1uxm3Sa0ZQIDAQAB\";
The key is broken down into multiple parts remove the " in the middle and join the string together and then add the " to the end

Also read this article: https://support.cloudflare.com/hc/en-us/articles/200168696-How-do-I-add-DKIM-records-
I already have read this post

As they said

default._domainkey.example.com. 299 IN TXT "v=DKIM1; k=rsa; p=<encoded public key>" "<rest of public key>;"

You should remove the quotation marks and the spaces between them when adding DKIM records to your zone.

You do not need to escape semicolons for your DKIM records on Cloudflare.

If you still encounter issues copy-pasting the DKIM record values, you could also try importing a zone file and then remove " and \
So I removed quotes at the first and end of the line. and removed ;

Why you're still putting quotes in your suggestion?

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYui3rfkZK6YxH2A2U0ePd8PnmWMeiZvhRSxN3sSvIq00Yz14JSrWLEW7kCPCd/rLnME4rqLetxjke46ejtu5FqhzV29QTOnDnCdnu7nBIi7S1e0EDQCbDWShPZfRDLSwDUv+jMVDp9G5yM93M70Xl6uvbbpFOIVdTQ8bIsETLOqPuad8pvIJMdcnrkD+ZQ53VWjhIrmJEEWGCGhZgPIxtkDYc+0qKN9vnt8kyWaI58VcYJ3I+Ow+t2lzQGo1qcncHPef0yBFgLf5yNcd9tVUroIoLoseqzD9WR7bYtfIlPXeJgwa+eszD4XH1nkZA4BdJUhcB+CPWfj1uxm3Sa0ZQIDAQAB";
 

Localnode

Well-known member
Registered
Joined
Dec 15, 2015
Messages
333
Points
43
Because that's the way to add it. I just removed the quotation mark in the middle.
If it doesn't work, remove quote at start and end, and semicolon. It will work the way I added, though. Because that's what I did (removed quote in middle), and it works.
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,510
Points
63
David Beroff
Thank you and I could verify DKIM with cPanel and Cloudflare.

verifydkim.png

But when I checked with mail-tester.com then its still showing

Your DKIM signature is not valid

mailscores.png

I could not do more because I don't know how mail-tester.com will consider a valid DKIM.

Any cPanel experts here can help me out?
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,510
Points
63
Sorry I could fix a half of this problem as my emails were sent to inbox box of Gmail although Your DKIM signature is not valid is still being alerted when checking with mail-tester.com

Some days ago when sending emails to @gmail.com my email went to spam box there but now it is sent to inbox box.

I tried a searching on Google and found these ways and see they are effective to fix the problem.

In cPanel >> Authentication

enable DKIM and SPF by adding proper value on Cloudflare.

Don't get DKIM value in this area to add to cloudflare, using this way.

In SSH, type

Code:
cd /var/cpanel/domain_keys/public/
get DKIM value by typing this command

Code:
more yourdomainame.com

Change yourdomainame.com with your real domain name.

dkim_value1.png

Removing line brake in DKIM value and adding it to this


Code:
v=DKIM1; g=*; k=rsa; p=PublicDomainKeyGoesHere
Change PublicDomainKeyGoesHere with the valued you copied between BEGIN PUBLIC KEY and END PUBLIC KEY

Adding it to Cloudflare like this

dkimvalue2.png

All done.

If someone knows how to fix and validate DKIM when checking with mail-tester, please share below.


Thanks
David.
 

zuhamit

New member
Registered
Joined
May 15, 2018
Messages
8
Points
1
Still no luck. Copied the settings from SiteGround and applied them Cloudflare. It still says that DKIM signature is not valid.
 

Flyingscot

New member
Registered
Joined
May 17, 2018
Messages
7
Points
3
I solved this problem. Since I am no expert by any means, and it seems the experts have a very poor way of describing solutions, I do a lot of trial and error. I won't take you through the last week of my life trying to solve this. Even the tech support at Atlantic did not have a clue how to manage or set up mail authentication in cpanel on their own servers. I did everything you did above with no luck on mail-tester.com. Until...here it comes...on my cloudflare DNS account I deleted the last semicolon and quotation mark and voila...an 8.8 score on mail-tester.com So your dkim record should look like this when you paste it into the cloudflare field:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYui3rfkZK6YxH2A2U0ePd8PnmWMeiZvhRSxN3sSvIq00Yz14JSrWLEW7kCPCd/rLnME4rqLetxjke46ejtu5FqhzV29QTOnDnCdnu7nBIi7S1e0EDQCbDWShPZfRDLSwDUv+jMVDp9G5yM93M70Xl6uvbbpFOIVdTQ8bIsETLOqPuad8pvIJMdcnrkD+ZQ53VWjhIrmJEEWGCGhZgPIxtkDYc+0qKN9vnt8kyWaI58VcYJ3I+Ow+t2lzQGo1qcncHPef0yBFgLf5yNcd9tVUroIoLoseqzD9WR7bYtfIlPXeJgwa+eszD4XH1nkZA4BdJUhcB+CPWfj1uxm3Sa0ZQIDAQAB

In my cpanel record mine ended with \; I deleted the semicolon and the trailing slash in order to get it to work.

Also for those of you who use cloudflare or another third party DNS and you see the message "unable to verify that this server is an authoritative nameserver" in your cpanel Authentication section in the Email section, just ignore it. Copy the DKIM public key you see in that field, delete the quoatation and space separator in the middle of the key making one long code and delete the last quotation and semicolon. It should look similar to the one above. Paste that into your third party DNS and you will have a valid DKIM key. DO NOT go to other services like DKIMCore.org to generate your key as I did originally. The key generated there will certainly give you a valid key but the problem lies with your cpanel then because the private key on your cpanel accounts are different so they won't match up with the new public key you generate. And now mail-tester will congratulate you on having a great email setup. My 2 cents...
 
Last edited:

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,510
Points
63
I solved this problem. Since I am no expert by any means, and it seems the experts have a very poor way of describing solutions, I do a lot of trial and error. I won't take you through the last week of my life trying to solve this. Even the tech support at Atlantic did not have a clue how to manage or set up mail authentication in cpanel on their own servers. I did everything you did above with no luck on mail-tester.com. Until...here it comes...on my cloudflare DNS account I deleted the last semicolon and quotation mark and voila...an 8.8 score on mail-tester.com So your dkim record should look like this when you paste it into the cloudflare field:
yes I also did everything to verify for mail-test but not luck like you, I think it was the problem of mail-tester.com
Are you sure after you verify DKIM with mail-tester.com then your DKIM will be verified successfully with other mail checking tools?
In my cpanel record mine ended with \; I deleted the semicolon and the trailing slash in order to get it to work.
I didn't find any guide that allow use to remove \; or if that is jut to make it work with mail-tester then I think it can be a wrong way.
 

Flyingscot

New member
Registered
Joined
May 17, 2018
Messages
7
Points
3
Flyingscot
"I didn't find any guide that allow use to remove \; or if that is jut to make it work with mail-tester then I think it can be a wrong way. "

That is just it. There is no guide. I spent hours looking for a solution to the problem message "unable to verify that this server is an authoritative nameserver" I tried everything the "experts" recommended. When I deleted the \; from the end of the key I got a Valid DKIM Key response on dkimcore.org and when I tested an email from my home computer outlook account on mail-tester.com I got a 9.5 score. When I logged on to my server and send an email to mail-tester.com from webmail I got a 8.8 score. Both results gave me a postive for the authoritative nameserver. So much for the experts...

I remember back in the early 2000s when I was setting up my first internet radio station. MP3 was the format of the day. There were no AC3 streaming solutions which would have allowed 1/4 the bandwidth per stream which would quadruple your server capacity for subscribers. When Wowza launched their first version of their video streaming platform I noticed the audio channel was AC3 format. I contacted them and asked them if it was possible to break the audio channel out from the video channel and they said it was impossible. So...not to be deterred I downloaded the demo...opened up a hex editor and looked at the source code. It took 2 venti Starbuck lattes on a Saturday to figure out how to add my server IP and create the code to just use their audio channel. By the end of the day I had a streaming radio station in AC3 format complete with song and interview notices. I was launching a talk radio station then. I called Wowza the following Monday and gave them the link to my radio station. I told them nobody had this capability and they could become the defacto leader overnight if they created a new product and targeted Internet radio. They were gobsmacked because they did not think it was possible. I listen to experts with a grain of salt. By the way I built my first Internet server back in 1991 in New Westminster, BC when I was hosting Canada's only weekly talk radio show on technology. There were almost no Internet experts back then. It was all seat of the pants exploration, development, and trial and error.
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,510
Points
63
David Beroff
That is just it. There is no guide. I spent hours looking for a solution to the problem message "unable to verify that this server is an authoritative nameserver" I tried everything the "experts" recommended. When I deleted the \; from the end of the key I got a Valid DKIM Key response on dkimcore.org and when I tested an email from my home computer outlook account on mail-tester.com I got a 9.5 score. When I logged on to my server and send an email to mail-tester.com from webmail I got a 8.8 score. Both results gave me a postive for the authoritative nameserver. So much for the experts...
So, with my DKIM key as following
Code:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYui3rfkZK6YxH2A2U0ePd8PnmWMeiZvhRSxN3sSvIq00Yz14JSrWLEW7kCPCd/rLnME4rqLetxjke46ejtu5FqhzV29QTOnDnCdnu7nBIi7S1e0EDQCbDWShPZfRDLSwDUv+jMVDp9G5yM93M70Xl6uvbbpFOIVdTQ8bIsETLOqPuad8pvIJMdcnrkD+ZQ53" VWjhIrmJEEWGCGhZgPIxtkDYc+0qKN9vnt8kyWaI58VcYJ3I+Ow+t2lzQGo1qcncHPef0yBFgLf5yNcd9tVUroIoLoseqzD9WR7bYtfIlPXeJgwa+eszD4XH1nkZA4BdJUhcB+CPWfj1uxm3Sa0ZQIDAQAB\";
Which should I remove?
Honestly I have not succeeded verifying with mail-tester, if your way can do, why not I should try to give it a go. :)
 

zuhamit

New member
Registered
Joined
May 15, 2018
Messages
8
Points
1

Attachments

Flyingscot

New member
Registered
Joined
May 17, 2018
Messages
7
Points
3
Flyingscot
Your dkim key has ;=email at the end of the key. Try pasting this into your value field on your dns:

v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1ix+GXWVO4nn4FNj+M06QpRkiz9btFLwCOiRmEXU5QWcaIm/K/1c5KIR1o8aKh5oK80+SuGao/+dUAPeOfkmYlLXnJ2znzkFc4oFS5cG8nTvPW43hWdFHY6v13tYGbXZFC2Z9npxh2FO0yoFevcWMvUPMWp+9SU6+vw6v8lVbgQIDAQAB

and then test it at dkimcore.org first before you test it on mail-tester
 

zuhamit

New member
Registered
Joined
May 15, 2018
Messages
8
Points
1
Tried that already per instructions above. No luck..
 

Flyingscot

New member
Registered
Joined
May 17, 2018
Messages
7
Points
3
Flyingscot
When you say it doesn't work what do you mean? It resolves as a valid key on dkimcore.org Where did you get the key? From the Cpanel account for the domain in the authentication section? Since the key is valid you need to confirm you are using the key from the spedific cpanel account (fastruckmoving.com) so that it matches the private key stored on the server.
 
Last edited:

zuhamit

New member
Registered
Joined
May 15, 2018
Messages
8
Points
1
I have copied the key from cpanel of fastruckmoving.com on siteground.
 

Flyingscot

New member
Registered
Joined
May 17, 2018
Messages
7
Points
3
Flyingscot
Okay. Is it the original key? By that what I mean is one of the mistakes I made was I had copied the key to my text editor to save it. When I used it I had no luck. I went back to cpanel and disabled DKIM because of that stupid error message about the authoritative nameserver. After no luck making it work with my DNS I went back to my cpanel and enabled DKIM. I tested the DKIM key again. It resolved fine on dkimcore. What I didn't realize was when I reenabled the DKIM key it generated a different key. They looked, at a quick glance, to be the same. But they were different. When I realized that I copied the new key into my cloudflare account. Again it resolved correctly on dkimcore.org but did not work on mail-testor.com. That was when I tried deleting the semi-colon and the trailing slash. That proved successful with dkimvalidator.com and the other DKIM checking sites. In fact on dkimvalidator.com:

SpamAssassin Score: -0.099

Message is NOT marked as spam
Points breakdown:
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
 

zuhamit

New member
Registered
Joined
May 15, 2018
Messages
8
Points
1
It is the key that Siteground re-generated after I re-enabled DKIM in Siteground.
 
Newer Threads
Recommended Threads
Similar Threads
Replies
1
Views
1,938
Replies
4
Views
4,280
Replies
12
Views
7,165

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top