Invalid DKIM Signature

Understanding and troubleshooting invalid DKIM signature errors.

You may have received feedback from someone trying to send you an email which was refused with a message related to DKIM signature.

What is DKIM?

DKIM stands for DomainKeys Identified Mail. It's an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.

How DKIM Verification Works

The email authentication process involves several steps:

  1. Signing: The email content and certain headers are encrypted and hashed, creating a DKIM signature that's added to the email header
  2. Verification: Upon receiving an email with a DKIM signature, the recipient's mail server repeats the encryption and hashing process
  3. Comparison: The newly calculated signature is compared against the one provided in the email header
  4. Result: If the signatures don't match, the content has been altered, and the email is rejected with an Invalid DKIM Signature message

Common Causes

When legitimate senders encounter this issue, it typically indicates a configuration issue between their email sending provider or their DNS. A DKIM public key must be properly placed in the sender's domain DNS as a TXT record.

Troubleshooting Steps

Ask the sender to test their DKIM configuration using SparkPost's DKIM verification tool.

If issues persist, contact ImprovMX support for further investigation.

Still have questions? Feel free to reach out to our support team!