Validating DKIM key agains google and spam problems

Discussion in 'Installation/Configuration' started by Realware, Mar 31, 2019.

  1. Realware

    Realware New Member

    Hi all,

    I don't know if it is more of a generic issue or related to the way the DKIM key is generated inside ISPconfig. (ubuntu 18.04 + Ispconfig + nginx ) I'm having an hard time validating my DKIM key generated in ISPconfig against google servers (the googleapps toolbox) while on all the major online tools is correctly detected and parsed without warnings.

    I can't post the link since I'm a new user,

    The result is always : Invalid format of DKIM record: v=DKIM1; t=s; p=[rest of the key]
    I've heard the internet big guys now do not like the 1024 key format, considered too weak, I tried with all the 3 options available (1024,2048,4096), all with the same result. I've also tried the "splitting lines" technique

    This is quite annonying for me because I'm having an hard time avoiding the mails sent from my server going all to the spam forlder (in gmail, and sometimes hotmail, but I'll check the MS big guys later), and considering everything is running with all the best practices I could find on the net ( PTR record, SPF; DMARC, TLS, wilcard certificate for postfix etc), my last resort is that google doesn't like my DKIM key.

    No evidence found in the logs or email headers, for example, many of my customers domains (hosted on my ispconfig installation), when writing to a gmail account, get flagged as spam. I've also checked and I'm not in any black list.

    I've added the spf record allowing my server ip as "trusted" on their dns zones (should I also add the DKIM key on their dns zones or just on my server domain zone?) and in the email headers it says "SPF passed, allowed domain etc.." The customers have a dedicated user [email protected] .com to send email, for the moment I'm acting just as an smtp server for them, while in the process of the domain migration.

    Any advice about the reason of the spam flagging and/or the correct dkim format for google?

    Many thanks in advance
  2. Realware

    Realware New Member

    Just an head up, I found this tool:
    which help adding your domain to a google "trusted zone" undergoing a verification process by adding a cname on your DNS.

    Unfortunately MS does not provide a similar page, just an information page about errors and best practices, worth a read tough.

    The same for Yahoo:

    Hope you find useful info if you struggle with spam flagged email from your server
    Last edited: Apr 2, 2019
  3. Realware

    Realware New Member

    I've also found out, my mistake, that yes, I've created the DKIM key for my server, but my client has the domain and not, so I've to add the DKIM key also in his dns zone.

    Too bad his crappy hosting does not even provide the possibility to add a DKIM key, (webmail in plain http and self signed cert for a 300$ hosting per year). I've tried adding a TXT record but does not accept the key string, even enclosed in "" or splitted lines. So I'm moving his domain to a better provider.
    Last edited: Apr 2, 2019

Share This Page